diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 61ee8b22a032..81ac6176d6e7 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -29,6 +29,8 @@ jobs: - run: tar -cvzf samm.tar.gz images model texts - name: Generate Excel spreadsheet from the model uses: owaspsamm/toolbox-spreadsheet@main + with: + version: ${{ env.RELEASE_VERSION }} - name: Build Changelog id: github_release uses: mikepenz/release-changelog-builder-action@v3 diff --git a/.github/workflows/reusable-create-translation-branch.yml b/.github/workflows/reusable-create-translation-branch.yml new file mode 100644 index 000000000000..62e446471bf3 --- /dev/null +++ b/.github/workflows/reusable-create-translation-branch.yml @@ -0,0 +1,37 @@ +name: Create new translation version branch in language repository + +on: + workflow_call: + inputs: + source_branch: + required: true + type: string + source_folder: + required: true + type: string + new_branch_name: + required: true + type: string + +jobs: + pull_and_create_branch: + runs-on: ubuntu-latest + + steps: + - name: Checkout current repo + uses: actions/checkout@v3 + - name: Set up Git with GitHub Actions bot identity + run: | + git config --global user.name "github-actions[bot]" + git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com" + - name: Pull content from another repository + run: | + git clone --branch ${{ inputs.source_branch }} --single-branch https://github.com/owaspsamm/core temp-repo + rm -rf temp-repo/.git + rsync -a --exclude='.git' temp-repo/ . + - name: Create a new branch with the pulled content + run: | + git checkout -b ${{ inputs.new_branch_name }} + git add ${{ inputs.source_folder }} + git commit -m "Pulled content from ${{ inputs.source_repo }}:${{ inputs.source_branch }}" + git push origin ${{ inputs.new_branch_name }} 
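Review bot: `env.RELEASE_VERSION` is read in the added `with:` block but is not set anywhere in the lines this hunk shows, and an unset context value expands to an empty string without failing the job. If an earlier step outside the hunk writes it to `$GITHUB_ENV`, a comment such as `# RELEASE_VERSION is exported by the "<step name>" step above` would make that dependency visible. The step that receives the value runs `owaspsamm/toolbox-spreadsheet@main`, a branch ref, so the code consuming this input can change between releases; pinning the ref to a commit SHA would make release builds reproducible.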
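Review bot: The `run:` steps in `reusable-create-translation-branch.yml` paste `${{ inputs.source_branch }}`, `${{ inputs.new_branch_name }}` and `${{ inputs.source_folder }}` straight into the shell script, so the values are expanded before bash parses the line and any shell metacharacter in a caller-supplied input becomes part of the command. Passing the inputs through `env:` and referencing them as quoted shell variables keeps them as data. The commit message also references `${{ inputs.source_repo }}`, which is not declared under `workflow_call.inputs` and therefore renders as an empty string; the clone URL is hard-coded to `owaspsamm/core`, so the message can name it directly. The job pushes a branch but declares no `permissions:`; a job-level `permissions:` with `contents: write` would state the token scope it needs instead of depending on the caller's default.

```yaml
      # … unchanged: checkout and git identity steps …
      - name: Pull content from another repository
        env:
          SOURCE_BRANCH: ${{ inputs.source_branch }}
        run: |
          git clone --branch "$SOURCE_BRANCH" --single-branch https://github.com/owaspsamm/core temp-repo
          # … unchanged: rm -rf temp-repo/.git and rsync lines …
      - name: Create a new branch with the pulled content
        env:
          SOURCE_BRANCH: ${{ inputs.source_branch }}
          SOURCE_FOLDER: ${{ inputs.source_folder }}
          NEW_BRANCH_NAME: ${{ inputs.new_branch_name }}
        run: |
          git checkout -b "$NEW_BRANCH_NAME"
          git add -- "$SOURCE_FOLDER"
          git commit -m "Pulled content from owaspsamm/core:$SOURCE_BRANCH"
          git push origin "$NEW_BRANCH_NAME"
```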
diff --git a/.github/workflows/reusable-yaml-process.yml b/.github/workflows/reusable-yaml-process.yml new file mode 100644 index 000000000000..01909ded3e3d --- /dev/null +++ b/.github/workflows/reusable-yaml-process.yml @@ -0,0 +1,44 @@ +name: Reusable workflow to convert yaml files to markdown + +on: + workflow_call: + inputs: + language: + required: true + type: string + branch: + required: true + type: string + model_folder: + required: true + type: string +jobs: + generate-markdown: + runs-on: ubuntu-latest + steps: + - name: 'Checkout using release is workflow dispatched' + uses: actions/checkout@v3 + with: + ref: ${{ inputs.branch }} + - name: 'Create output dir and copy files to override spaces in directories' + run: | + mkdir output + - name: 'Generate model for website' + uses: docker://backnot/owasp-samm-process-yaml-content:latest + with: + args: '-d ${{ inputs.model_folder }} -o output -l ${{ inputs.language }}' + - name: 'Move generated files to common directory structure' + run: | + mkdir -p build/business-function/practice/stream + BASE=output/markdown + cp "$BASE"/{Design.md,Governance.md,Implementation.md,Operations.md,Verification.md} build/business-function + cp "$BASE"/*-??-?.md build/business-function/practice/stream + cp "$BASE"/*-??.md build/business-function/practice + - name: Deploy + uses: s0/git-publish-subdir-action@develop + env: + REPO: self + BRANCH: markdown + FOLDER: build + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + SQUASH_HISTORY: false diff --git a/.github/workflows/yaml-process.yml b/.github/workflows/yaml-process.yml index aede5408d35f..52018e3b851b 100644 --- a/.github/workflows/yaml-process.yml +++ b/.github/workflows/yaml-process.yml 
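Review bot: Both third-party references in this new workflow are movable: the generator runs `docker://backnot/owasp-samm-process-yaml-content:latest`, and the `Deploy` step passes `secrets.GITHUB_TOKEN` to `s0/git-publish-subdir-action@develop`, a branch ref. Whatever is published under that tag or branch at run time executes with access to the checkout and, in the deploy step, a token used to publish to this repository. Pin both, e.g. `uses: docker://backnot/owasp-samm-process-yaml-content@sha256:<image-digest>` and `uses: s0/git-publish-subdir-action@<full-commit-sha>`, and add a job-level `permissions:` block granting only `contents: write`. The first hunk of `.github/workflows/yaml-process.yml` has the same issue, and there it replaces a version-pinned tag (`version-0.8.1`) with `:latest`.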
@@ -46,7 +46,7 @@ jobs: run: | mkdir output - name: 'Generate model for website' - uses: docker://fzipi/owasp-samm-preprocess-yaml:version-0.8.1 + uses: docker://backnot/owasp-samm-process-yaml-content:latest with: args: '-d model -o output' - name: 'Move generated files to common directory structure' @@ -66,14 +66,14 @@ jobs: SQUASH_HISTORY: true # after changing something, we need to trigger the website build trigger-website-build: - if: github.event.push.tags && github.ref_type == 'tag' + if: github.event_name == 'push' && github.ref_type == 'tag' runs-on: ubuntu-latest needs: generate-markdown steps: - name: Trigger Website Dispatch uses: peter-evans/repository-dispatch@v2 with: - token: ${{ secrets.GITHUB_TOKEN }} + token: ${{ secrets.OWASP_SAMM_WEBSITE_TOKEN }} repository: owaspsamm/website event-type: samm-core-released client-payload: '{"release": "${{ github.ref_name }}"}' diff --git a/README.md b/README.md index f30370fc593f..72cbc56e0150 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # OWASP SAMM - Core Model Repository -[![OWASP Flagship](https://img.shields.io/badge/owasp-flagship%20project-38a047.svg)](https://www.owasp.org/index.php/OWASP_Project_Inventory#tab=Flagship_Projects) +[![OWASP Flagship](https://img.shields.io/badge/owasp-flagship%20project-38a047.svg)](https://owasp.org/projects/#flagship-projects) [![Join the chat at https://owasp.slack.com/archives/C0VF1EJGH](https://img.shields.io/badge/chat-on%20slack-blueviolet)](https://owasp.slack.com/archives/C0VF1EJGH) [![Twitter Follow](https://img.shields.io/twitter/follow/owaspsamm?style=social)](https://twitter.com/OwaspSAMM) diff --git a/model/activities/D-TA-1-B.yml b/model/activities/D-TA-1-B.yml index ef265ead4749..84230f876411 100644 --- a/model/activities/D-TA-1-B.yml +++ b/model/activities/D-TA-1-B.yml 
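Review bot: The `token:` change in the second `yaml-process.yml` hunk hands `secrets.OWASP_SAMM_WEBSITE_TOKEN`, a credential for another repository, to `peter-evans/repository-dispatch@v2`, which is referenced by a movable tag. Pin the action to a commit, `uses: peter-evans/repository-dispatch@<full-commit-sha>  # v2`, and add a comment above `token:` recording the scope the secret is expected to have, e.g. `# token limited to owaspsamm/website; used only to send repository_dispatch`. In the same step `client-payload` builds JSON by pasting `github.ref_name` between quotes; `'{"release": ${{ toJSON(github.ref_name) }}}'` would keep the payload well-formed for any tag name.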
@@ -30,7 +30,7 @@ longDescription: | Threat modeling is a team exercise, including product owners, architects, security champions, and security testers. At this maturity level, expose teams and stakeholders to threat modeling to increase security awareness and to create a shared vision on the security of the system. - At maturity level 1, you perform threat modeling ad-hoc for high-risk applications and use simple threat checklists, such as STRIDE. Avoid lengthy workshops and overly detailed lists of low-relevant threats. Perform threat modeling iteratively to align to more iterative development paradigms. If you add new functionality to an existing application, look only into the newly added functions instead of trying to cover the entire scope. A good starting point is the existing diagrams that you annotate during discussion workshops. Always make sure to persist the outcome of a threat modeling discussion for later use. + At maturity level 1, you perform threat modeling ad-hoc for high-risk applications and use simple threat checklists, such as STRIDE. Avoid lengthy workshops and overly detailed lists of low-relevant threats. Perform threat modeling iteratively to align to more iterative development paradigms. If you add new functionality to an existing application, look only into the newly added functions instead of trying to cover the entire scope. A good starting point is the existing diagrams that you annotate during discussion workshops. Always persist the outcome of a threat modeling discussion for later use. Your most important tool to start threat modeling is a whiteboard, smartboard, or a piece of paper. Aim for security awareness, a simple process, and actionable outcomes that you agree upon with your team. diff --git a/model/activities/D-TA-2-B.yml b/model/activities/D-TA-2-B.yml index 5b5b5305719b..77d67a8df206 100644 --- a/model/activities/D-TA-2-B.yml +++ b/model/activities/D-TA-2-B.yml 
@@ -31,7 +31,7 @@ longDescription: | Your threat modeling methodology includes at least diagramming, threat identification, design flaw mitigations, and how to validate your threat model artifacts. Your threat model diagram allows a detailed understanding of the environment and the mechanics of the application. You discover threats to your application with checklists, such as STRIDE or more organization-specific threats. For identified design flaws (ranked according to risk for your organization), you add mitigating controls to support stakeholders in dealing with particular threats. Define what triggers updating a threat model, for example, a technology change or deployment of an application in a new environment. - Feed the output of threat modeling to the defect management process for adequate follow-up. Capture the threat modeling artifacts with tools that are used by your application teams. + Feed the output of threat modeling to the defect management process for adequate follow-up. Capture the threat modeling artifacts with tools used by your application teams. #The output of this particular activity results: diff --git a/model/activities/D-TA-3-B.yml b/model/activities/D-TA-3-B.yml index 6f2e1117f184..882dfc7256e8 100644 --- a/model/activities/D-TA-3-B.yml +++ b/model/activities/D-TA-3-B.yml 
@@ -24,7 +24,7 @@ shortDescription: Continuously optimization and automation of your threat modeli #A multi-paragraph description of the activity longDescription: | - Threat modeling is integrated into your SDLC and has become part of the developer security culture. Reusable risk patterns, comprising of related threat libraries, design flaws, and security mitigations, are created and improved, based on the organization's threat models. You regularly (e.g., yearly) review the existing threat models to verify that no new threats are relevant for your applications. + Threat modeling is integrated into your SDLC and has become part of the developer security culture. Reusable risk patterns, comprising related threat libraries, design flaws, and security mitigations, are created and improved, based on the organization's threat models. You regularly (e.g., yearly) review the existing threat models to verify that no new threats are relevant for your applications. You optimize your threat modeling methodology. You capture lessons learned from threat models and use these to improve your threat modeling methodology. You review the threat categories relevant to your organization and update your methodology appropriately. From time to time, you evaluate the quality of your threat models independently. diff --git a/model/activities/G-EG-3-B.yml b/model/activities/G-EG-3-B.yml index 6b4f1989589e..9d0783c90a41 100644 --- a/model/activities/G-EG-3-B.yml +++ b/model/activities/G-EG-3-B.yml 
@@ -26,7 +26,7 @@ shortDescription: Build a secure software community including all organization p longDescription: | Security is the responsibility of all employees, not just the Information Security team. Deploy communication and knowledge sharing platforms to help developers build communities around different technologies, tools, and programming languages. In these communities employees share information, discuss challenges with other developers, and search the knowledge base for answers to previously discussed issues. - Form communities around roles and responsibilities and enable developers and engineers from different teams and business units to communicate freely and benefit from each other's expertise. Encourage participation, set up a program to promote those who help the most people as thought leaders, and have management recognize them. In addition to improving application security, this platform may help identify future members of the Secure Software Center of Excellence, or 'Security Champions' based on their expertise and willingness to help others. + Form communities around roles and responsibilities. Enable developers and engineers from different teams and business units to communicate freely so they can benefit from each other's expertise. Encourage participation, set up a program to promote those who help the most people as thought leaders, and have management recognize them. In addition to improving application security, this platform may help identify future members of the Secure Software Center of Excellence, or 'Security Champions' based on their expertise and willingness to help others. The Secure Software Center of Excellence and Application Security teams review the information portal regularly for insights into the new and upcoming technologies, as well as opportunities to assist the development community with new initiatives, tools, programs, and training resources. 
Use the portal to disseminate information about new standards, tools, and resources to all developers for the continued improvement of SDLC maturity and application security. diff --git a/model/activities/G-SM-2-A.yml b/model/activities/G-SM-2-A.yml index 99be413d28b1..53c4a6633d1f 100644 --- a/model/activities/G-SM-2-A.yml +++ b/model/activities/G-SM-2-A.yml @@ -25,7 +25,7 @@ shortDescription: Publish a unified strategy for application security. longDescription: | Based on the magnitude of assets, threats, and risk tolerance, develop a security strategic plan and budget to address business priorities around application security. The plan covers 1 to 3 years and includes milestones consistent with the organization's business drivers and risks. It provides tactical and strategic initiatives and follows a roadmap that makes its alignment with business priorities and needs visible. - In the roadmap, you reach a balance between changes requiring financial expenditures, changes of processes and procedures, and changes impacting the organization's culture. This balance helps accomplish multiple milestones concurrently and without overloading or exhausting available resources or development teams. The milestones are frequent enough to help monitor program success and trigger timely roadmap adjustments. + In the roadmap, reach a balance between changes requiring financial expenditures, changes of processes and procedures, and changes impacting the organization's culture. This balance helps accomplish multiple milestones concurrently and without overloading or exhausting available resources or development teams. The milestones are frequent enough to help monitor program success and trigger timely roadmap adjustments. For the program to be successful, the application security team obtains buy-in from the organization's stakeholders and application development teams. A published plan is available to anyone who is required to support or participate in its implementation. 
diff --git a/model/activities/I-SD-1-B.yml b/model/activities/I-SD-1-B.yml index b8027c754097..15022ddaa15a 100644 --- a/model/activities/I-SD-1-B.yml +++ b/model/activities/I-SD-1-B.yml @@ -52,7 +52,7 @@ personnel: notes: None #References to other activities that are prerequisites to implement this one. -relatedActivites: +relatedActivities: - 994bcac2bb7c4cc59a0faa365a0b58a0 #I-SD-1-A #Type Classification of the Document diff --git a/model/activities/I-SD-2-A.yml b/model/activities/I-SD-2-A.yml index 3a7f96d09ed3..e9777d1a769e 100644 --- a/model/activities/I-SD-2-A.yml +++ b/model/activities/I-SD-2-A.yml @@ -52,7 +52,7 @@ personnel: notes: None #References to other activities that are prerequisites to implement this one. -relatedActivites: +relatedActivities: - fb6f258a2e424ee9a919341758222a7a #V-ST-2-A #Type Classification of the Document diff --git a/model/activities/O-IM-2-B.yml b/model/activities/O-IM-2-B.yml index 38fec13adb08..f7a97b6026c9 100644 --- a/model/activities/O-IM-2-B.yml +++ b/model/activities/O-IM-2-B.yml @@ -13,7 +13,7 @@ level: 439406325e6645519c149da3e05a7d9d id: d6dd8813c5074350b5614b92f2dec60d #The title of this activity -title: Define and incident response process +title: Define an incident response process #Describe the benefit that is achieved by implementing this activity benefit: Understanding and efficient handling of most security incidents diff --git a/model/activities/O-OM-2-B.yml b/model/activities/O-OM-2-B.yml index 0c833e0a8d9f..9372ae4356ec 100644 --- a/model/activities/O-OM-2-B.yml +++ b/model/activities/O-OM-2-B.yml 
@@ -16,7 +16,7 @@ id: 60d7a0a61dd142d5a87009bc5b93df56 title: Formalize decommissioning process #Describe the benefit that is achieved by implementing this activity -benefit: Standardized decommisioning process decreasing the risk of forgetting components +benefit: Standardized decommissioning process decreasing the risk of forgetting components #A one sentence description of the activity shortDescription: Develop repeatable decommissioning processes for unused systems/services, diff --git a/model/activities/V-AA-1-B.yml b/model/activities/V-AA-1-B.yml index cfd5b230f8fa..fb3f72fffe75 100644 --- a/model/activities/V-AA-1-B.yml +++ b/model/activities/V-AA-1-B.yml @@ -42,6 +42,7 @@ personnel: notes: #References to other activities that are prerequisites to implement this one. -dependencies: +relatedActivities: + #Type Classification of the Document type: Activity diff --git a/model/activities/V-AA-2-A.yml b/model/activities/V-AA-2-A.yml index ea943d9d0a14..25d8f845a670 100644 --- a/model/activities/V-AA-2-A.yml +++ b/model/activities/V-AA-2-A.yml @@ -42,6 +42,7 @@ personnel: notes: #References to other activities that are prerequisites to implement this one. -dependencies: +relatedActivities: + #Type Classification of the Document type: Activity diff --git a/model/activities/V-AA-2-B.yml b/model/activities/V-AA-2-B.yml index aecd04ea0c1f..ed783454c206 100644 --- a/model/activities/V-AA-2-B.yml +++ b/model/activities/V-AA-2-B.yml @@ -44,6 +44,6 @@ personnel: notes: #References to other activities that are prerequisites to implement this one. -dependencies: +relatedActivities: #Type Classification of the Document type: Activity diff --git a/model/activities/V-AA-3-A.yml b/model/activities/V-AA-3-A.yml index 37701db7fce0..affb6e14a1ca 100644 --- a/model/activities/V-AA-3-A.yml +++ b/model/activities/V-AA-3-A.yml 
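Review bot: In `V-AA-1-B.yml` the renamed key is left with no value (`relatedActivities:` followed by a blank line and a comment), which YAML loads as null, while `I-SD-1-B.yml` and `I-SD-2-A.yml` give the same key a list. If the consumer iterates the field, writing `relatedActivities: []` keeps one type across all activity files. The same bare key appears in the other `V-AA-*`, `V-RT-*` and `V-ST-*` hunks of this change.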
@@ -42,6 +42,7 @@ personnel: notes: #References to other activities that are prerequisites to implement this one. -dependencies: +relatedActivities: + #Type Classification of the Document type: Activity diff --git a/model/activities/V-AA-3-B.yml b/model/activities/V-AA-3-B.yml index 5cc4c3ab04d3..6ae850888f2a 100644 --- a/model/activities/V-AA-3-B.yml +++ b/model/activities/V-AA-3-B.yml @@ -20,7 +20,7 @@ benefit: Continuous improvement of enterprise architecture based on architecture #A one sentence description of the activity shortDescription: Feed the architecture review results back into the enterprise architecture, - organization design principles & patterns, security solutions and reference architectures. + organization design principles and patterns, security solutions and reference architectures. #A multi-paragraph description of the activity longDescription: | @@ -41,6 +41,7 @@ personnel: notes: #References to other activities that are prerequisites to implement this one. -dependencies: +relatedActivities: + #Type Classification of the Document type: Activity diff --git a/model/activities/V-RT-1-A.yml b/model/activities/V-RT-1-A.yml index 8b893e661798..d33df70b0cb2 100644 --- a/model/activities/V-RT-1-A.yml +++ b/model/activities/V-RT-1-A.yml @@ -42,7 +42,7 @@ personnel: notes: #References to other activities that are prerequisites to implement this one. -dependencies: +relatedActivities: - 5702908efca4499e87a0239f32920d9b # Practice D-Security-Requirements #Type Classification of the Document diff --git a/model/activities/V-RT-1-B.yml b/model/activities/V-RT-1-B.yml index acc755e8be3c..fe7a8dc6989d 100644 --- a/model/activities/V-RT-1-B.yml +++ b/model/activities/V-RT-1-B.yml @@ -42,6 +42,7 @@ personnel: notes: #References to other activities that are prerequisites to implement this one. -dependencies: +relatedActivities: + #Type Classification of the Document type: Activity 
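Review bot: In `V-RT-1-A.yml` the entry kept under the renamed `relatedActivities` key is `5702908efca4499e87a0239f32920d9b`, which its own comment labels a practice and which the `D-SR-*` practice-level files in this change use as their `practice:` id. If the processor resolves `relatedActivities` against activity ids, this reference will not resolve; either point it at the intended activity id or keep practice-level links under a separate key. `V-ST-3-A.yml` carries the same pattern with `e17d573510904f65a1fe6040b56ad0b1 # Practice I-Defect-Management`.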
diff --git a/model/activities/V-RT-2-A.yml b/model/activities/V-RT-2-A.yml index 0b10f4a627a8..9c8e8a37c00b 100644 --- a/model/activities/V-RT-2-A.yml +++ b/model/activities/V-RT-2-A.yml @@ -44,6 +44,7 @@ personnel: notes: #References to other activities that are prerequisites to implement this one. -dependencies: +relatedActivities: + #Type Classification of the Document type: Activity diff --git a/model/activities/V-RT-2-B.yml b/model/activities/V-RT-2-B.yml index bd95ad0f0423..55c84c12817a 100644 --- a/model/activities/V-RT-2-B.yml +++ b/model/activities/V-RT-2-B.yml @@ -42,6 +42,6 @@ personnel: notes: #References to other activities that are prerequisites to implement this one. -dependencies: +relatedActivities: #Type Classification of the Document type: Activity diff --git a/model/activities/V-RT-3-A.yml b/model/activities/V-RT-3-A.yml index 56071c62f33c..553242917fa5 100644 --- a/model/activities/V-RT-3-A.yml +++ b/model/activities/V-RT-3-A.yml 
@@ -25,7 +25,7 @@ shortDescription: Perform regression testing (with security unit tests). longDescription: | Write and automate regression tests for all identified (and fixed) bugs to ensure that these become a test harness preventing similar issues being introduced during later releases. Security unit tests should verify dynamically (i.e., at run time) that the components function as expected and should validate that code changes are properly implemented. - A good practice for developers is to build security test cases as a generic security test suite that is part of the existing unit testing framework. A generic security test suite might include security test cases to validate both positive and negative requirements for security controls such as Identity, Authentication & Access Control, Input Validation & Encoding, User and Session Management, Error and Exception Handling, Encryption, and Auditing and Logging. Verify the correct execution of the security tests as early as possible. If feasible for example, consider the passing of security tests as part of merge requirements before allowing new code to enter the main code base. Alternatively, consider their passing a requirement for validating a build. + A good practice for developers is to build security test cases as a generic security test suite that is part of the existing unit testing framework. A generic security test suite might include security test cases to validate both positive and negative requirements for security controls such as Identity, Authentication and Access Control, Input Validation and Encoding, User and Session Management, Error and Exception Handling, Encryption, and Auditing and Logging. Verify the correct execution of the security tests as early as possible. If feasible for example, consider the passing of security tests as part of merge requirements before allowing new code to enter the main code base. Alternatively, consider their passing a requirement for validating a build. 
For security functional tests, use unit level tests for the functionality of security controls at the software component level, such as functions, methods, or classes. For example, a test case could check input and output validation (e.g., variable sanitation) and boundary checks for variables by asserting the expected functionality of the component. @@ -44,6 +44,7 @@ personnel: notes: #References to other activities that are prerequisites to implement this one. -dependencies: +relatedActivities: + #Type Classification of the Document type: Activity diff --git a/model/activities/V-RT-3-B.yml b/model/activities/V-RT-3-B.yml index 18f6f1570cfc..ac7530b64d97 100644 --- a/model/activities/V-RT-3-B.yml +++ b/model/activities/V-RT-3-B.yml @@ -23,7 +23,7 @@ shortDescription: Denial of service and security stress testing. #A multi-paragraph description of the activity longDescription: | - Applications are particularly susceptible to denial of service attacks. Perform denial of service and security stress testing against them in controlled conditiions, preferably on application acceptance environments. + Applications are particularly susceptible to denial of service attacks. Perform denial of service and security stress testing against them in controlled conditions, preferably on application acceptance environments. Load testing tools generate synthetic traffic, allowing you to test the application's performance under heavy load. One important test is how many requests per second an application can handle while remaining within its performance requirements. Testing from a single IP address is still useful as it gives an indication of how many requests an attacker must generate to impact the application. 
@@ -45,7 +45,7 @@ notes: | I removed references to specific tools and a detailed explanation of denial of service tests. These can all be added to the guidance notes. #References to other activities that are prerequisites to implement this one. -dependencies: +relatedActivities: #Type Classification of the Document type: Activity diff --git a/model/activities/V-ST-1-A.yml b/model/activities/V-ST-1-A.yml index 4215e1d0d6c2..deb4b30052dc 100644 --- a/model/activities/V-ST-1-A.yml +++ b/model/activities/V-ST-1-A.yml @@ -48,6 +48,7 @@ personnel: notes: #References to other activities that are prerequisites to implement this one. -dependencies: +relatedActivities: + #Type Classification of the Document type: Activity diff --git a/model/activities/V-ST-1-B.yml b/model/activities/V-ST-1-B.yml index eeb2ea62a170..fb894c35e8ff 100644 --- a/model/activities/V-ST-1-B.yml +++ b/model/activities/V-ST-1-B.yml @@ -44,6 +44,7 @@ personnel: notes: #References to other activities that are prerequisites to implement this one. -dependencies: +relatedActivities: + #Type Classification of the Document type: Activity diff --git a/model/activities/V-ST-2-A.yml b/model/activities/V-ST-2-A.yml index 5ca09bf04a8d..7de501a0230b 100644 --- a/model/activities/V-ST-2-A.yml +++ b/model/activities/V-ST-2-A.yml @@ -46,6 +46,7 @@ personnel: notes: #References to other activities that are prerequisites to implement this one. -dependencies: +relatedActivities: + #Type Classification of the Document type: Activity diff --git a/model/activities/V-ST-2-B.yml b/model/activities/V-ST-2-B.yml index 3b69c800379c..9b9600a2443c 100644 --- a/model/activities/V-ST-2-B.yml +++ b/model/activities/V-ST-2-B.yml @@ -46,6 +46,6 @@ personnel: notes: #References to other activities that are prerequisites to implement this one. -dependencies: +relatedActivities: #Type Classification of the Document type: Activity 
diff --git a/model/activities/V-ST-3-A.yml b/model/activities/V-ST-3-A.yml index 929bc6614f55..5fab80bd9316 100644 --- a/model/activities/V-ST-3-A.yml +++ b/model/activities/V-ST-3-A.yml @@ -46,7 +46,7 @@ personnel: notes: #References to other activities that are prerequisites to implement this one. -dependencies: +relatedActivities: - e17d573510904f65a1fe6040b56ad0b1 # Practice I-Defect-Management #Type Classification of the Document diff --git a/model/activities/V-ST-3-B.yml b/model/activities/V-ST-3-B.yml index fa35005bc80b..34a36c36f056 100644 --- a/model/activities/V-ST-3-B.yml +++ b/model/activities/V-ST-3-B.yml @@ -46,6 +46,7 @@ personnel: notes: #References to other activities that are prerequisites to implement this one. -dependencies: +relatedActivities: + #Type Classification of the Document type: Activity diff --git a/model/answer_sets/S.yml b/model/answer_sets/S.yml deleted file mode 100644 index 1b3dc1df7737..000000000000 --- a/model/answer_sets/S.yml +++ /dev/null @@ -1,33 +0,0 @@ ---- -# =========================================================== -# OWASP SAMM2 Answer Set - S -# =========================================================== -# Unique identifier (GUID) used to refer to this maturity level. -# Please generate another identifier for your specific maturity level. -id: e11943dd1978471486d5db4b04e3047d - -# Different answers with their properties. We use 4 levels or answers -values: - #lowest level -- text: No - value: 0 - weight: 1 - order: 0 - #second level -- text: Yes, for some of the policies and standards - value: 0.25 - weight: 1 - order: 1 - #third level -- text: Yes, for at least half of the policies and standards - value: 0.5 - weight: 1 - order: 2 - #highest level -- text: Yes, for most or all of the policies and standards - value: 1 - weight: 1 - order: 3 - -# Type Classification of the Document -type: AnswerSet 
diff --git a/model/practice_levels/D-SA-1.yml b/model/practice_levels/D-SA-1.yml index 8774540637d4..52a51c63f6b2 100644 --- a/model/practice_levels/D-SA-1.yml +++ b/model/practice_levels/D-SA-1.yml @@ -6,7 +6,7 @@ practice: 4753e55e943c4d418303bf90d599c6b1 #Link to the maturity level, using its unique identifier -maturitylevel: 0a1dc80f84964f2fa776c5d8e932353a +maturityLevel: 0a1dc80f84964f2fa776c5d8e932353a #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/D-SA-2.yml b/model/practice_levels/D-SA-2.yml index 95594511cabb..86d50b5001a5 100644 --- a/model/practice_levels/D-SA-2.yml +++ b/model/practice_levels/D-SA-2.yml @@ -6,7 +6,7 @@ practice: 4753e55e943c4d418303bf90d599c6b1 #Link to the maturity level, using its unique identifier -maturitylevel: 47dd82af343e4695a0385418af4398d1 +maturityLevel: 47dd82af343e4695a0385418af4398d1 #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/D-SA-3.yml b/model/practice_levels/D-SA-3.yml index e82d7c392284..439eec87b7ca 100644 --- a/model/practice_levels/D-SA-3.yml +++ b/model/practice_levels/D-SA-3.yml @@ -6,7 +6,7 @@ practice: 4753e55e943c4d418303bf90d599c6b1 #Link to the maturity level, using its unique identifier -maturitylevel: 7bbfe31d447e48759ef0f2af25c31b43 +maturityLevel: 7bbfe31d447e48759ef0f2af25c31b43 #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/D-SR-1.yml b/model/practice_levels/D-SR-1.yml index 199880f4b17c..a9e7a7c70737 100644 --- a/model/practice_levels/D-SR-1.yml +++ b/model/practice_levels/D-SR-1.yml 
@@ -6,7 +6,7 @@ practice: 5702908efca4499e87a0239f32920d9b #Link to the maturity level, using its unique identifier -maturitylevel: 0a1dc80f84964f2fa776c5d8e932353a +maturityLevel: 0a1dc80f84964f2fa776c5d8e932353a #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/D-SR-2.yml b/model/practice_levels/D-SR-2.yml index 1e5a97d291cb..4035bb585e21 100644 --- a/model/practice_levels/D-SR-2.yml +++ b/model/practice_levels/D-SR-2.yml @@ -6,7 +6,7 @@ practice: 5702908efca4499e87a0239f32920d9b #Link to the maturity level, using its unique identifier -maturitylevel: 47dd82af343e4695a0385418af4398d1 +maturityLevel: 47dd82af343e4695a0385418af4398d1 #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/D-SR-3.yml b/model/practice_levels/D-SR-3.yml index 059d95796372..2396b41e7c89 100644 --- a/model/practice_levels/D-SR-3.yml +++ b/model/practice_levels/D-SR-3.yml @@ -6,7 +6,7 @@ practice: 5702908efca4499e87a0239f32920d9b #Link to the maturity level, using its unique identifier -maturitylevel: 7bbfe31d447e48759ef0f2af25c31b43 +maturityLevel: 7bbfe31d447e48759ef0f2af25c31b43 #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/D-TA-1.yml b/model/practice_levels/D-TA-1.yml index 3252fb5b8c9c..12899385c2f5 100644 --- a/model/practice_levels/D-TA-1.yml +++ b/model/practice_levels/D-TA-1.yml @@ -6,7 +6,7 @@ practice: f9269aebfe2c4d5b9293ba42a40a93ac #Link to the maturity level, using its unique identifier -maturitylevel: 0a1dc80f84964f2fa776c5d8e932353a +maturityLevel: 0a1dc80f84964f2fa776c5d8e932353a #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. 
diff --git a/model/practice_levels/D-TA-2.yml b/model/practice_levels/D-TA-2.yml index dd68bfa0830a..cf67e7724702 100644 --- a/model/practice_levels/D-TA-2.yml +++ b/model/practice_levels/D-TA-2.yml @@ -6,7 +6,7 @@ practice: f9269aebfe2c4d5b9293ba42a40a93ac #Link to the maturity level, using its unique identifier -maturitylevel: 47dd82af343e4695a0385418af4398d1 +maturityLevel: 47dd82af343e4695a0385418af4398d1 #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/D-TA-3.yml b/model/practice_levels/D-TA-3.yml index f97fc090bfa1..ea62185893fb 100644 --- a/model/practice_levels/D-TA-3.yml +++ b/model/practice_levels/D-TA-3.yml @@ -6,7 +6,7 @@ practice: f9269aebfe2c4d5b9293ba42a40a93ac #Link to the maturity level, using its unique identifier -maturitylevel: 7bbfe31d447e48759ef0f2af25c31b43 +maturityLevel: 7bbfe31d447e48759ef0f2af25c31b43 #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/G-EG-1.yml b/model/practice_levels/G-EG-1.yml index add35e0fdbdd..6aea97e20a1f 100644 --- a/model/practice_levels/G-EG-1.yml +++ b/model/practice_levels/G-EG-1.yml @@ -6,7 +6,7 @@ practice: 483a0a1b78264cafbc470ce72d557332 #Link to the maturity level, using its unique identifier -maturitylevel: 0a1dc80f84964f2fa776c5d8e932353a +maturityLevel: 0a1dc80f84964f2fa776c5d8e932353a #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/G-EG-2.yml b/model/practice_levels/G-EG-2.yml index 59d38b64e40e..6fc4c0f10150 100644 --- a/model/practice_levels/G-EG-2.yml +++ b/model/practice_levels/G-EG-2.yml 
@@ -6,7 +6,7 @@ practice: 483a0a1b78264cafbc470ce72d557332 #Link to the maturity level, using its unique identifier -maturitylevel: 47dd82af343e4695a0385418af4398d1 +maturityLevel: 47dd82af343e4695a0385418af4398d1 #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/G-EG-3.yml b/model/practice_levels/G-EG-3.yml index 394d788a8b96..5d3c16cf365e 100644 --- a/model/practice_levels/G-EG-3.yml +++ b/model/practice_levels/G-EG-3.yml @@ -6,7 +6,7 @@ practice: 483a0a1b78264cafbc470ce72d557332 #Link to the maturity level, using its unique identifier -maturitylevel: 7bbfe31d447e48759ef0f2af25c31b43 +maturityLevel: 7bbfe31d447e48759ef0f2af25c31b43 #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/G-PC-1.yml b/model/practice_levels/G-PC-1.yml index b518745a32ba..e894513d0d86 100644 --- a/model/practice_levels/G-PC-1.yml +++ b/model/practice_levels/G-PC-1.yml @@ -6,7 +6,7 @@ practice: be9e7ddb98b84abe8b9e185b979ccf60 #Link to the maturity level, using its unique identifier -maturitylevel: 0a1dc80f84964f2fa776c5d8e932353a +maturityLevel: 0a1dc80f84964f2fa776c5d8e932353a #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/G-PC-2.yml b/model/practice_levels/G-PC-2.yml index 06ff9544db44..aa9e2d2e379e 100644 --- a/model/practice_levels/G-PC-2.yml +++ b/model/practice_levels/G-PC-2.yml @@ -6,7 +6,7 @@ practice: be9e7ddb98b84abe8b9e185b979ccf60 #Link to the maturity level, using its unique identifier -maturitylevel: 47dd82af343e4695a0385418af4398d1 +maturityLevel: 47dd82af343e4695a0385418af4398d1 #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. 
diff --git a/model/practice_levels/G-PC-3.yml b/model/practice_levels/G-PC-3.yml index b65799a3806d..ee15017ce000 100644 --- a/model/practice_levels/G-PC-3.yml +++ b/model/practice_levels/G-PC-3.yml @@ -6,7 +6,7 @@ practice: be9e7ddb98b84abe8b9e185b979ccf60 #Link to the maturity level, using its unique identifier -maturitylevel: 7bbfe31d447e48759ef0f2af25c31b43 +maturityLevel: 7bbfe31d447e48759ef0f2af25c31b43 #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/G-SM-1.yml b/model/practice_levels/G-SM-1.yml index ee9b6e9a1e23..69546e6ffada 100644 --- a/model/practice_levels/G-SM-1.yml +++ b/model/practice_levels/G-SM-1.yml @@ -6,7 +6,7 @@ practice: 32b3bdd85d3a4d53827960004f9d1c7e #Link to the maturity level, using its unique identifier -maturitylevel: 0a1dc80f84964f2fa776c5d8e932353a +maturityLevel: 0a1dc80f84964f2fa776c5d8e932353a #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/G-SM-2.yml b/model/practice_levels/G-SM-2.yml index 16cb1f1f4f15..bfc88de4add1 100644 --- a/model/practice_levels/G-SM-2.yml +++ b/model/practice_levels/G-SM-2.yml @@ -6,7 +6,7 @@ practice: 32b3bdd85d3a4d53827960004f9d1c7e #Link to the maturity level, using its unique identifier -maturitylevel: 47dd82af343e4695a0385418af4398d1 +maturityLevel: 47dd82af343e4695a0385418af4398d1 #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/G-SM-3.yml b/model/practice_levels/G-SM-3.yml index b1bcec6271b6..f8ae5ee91600 100644 --- a/model/practice_levels/G-SM-3.yml +++ b/model/practice_levels/G-SM-3.yml 
@@ -6,7 +6,7 @@ practice: 32b3bdd85d3a4d53827960004f9d1c7e #Link to the maturity level, using its unique identifier -maturitylevel: 7bbfe31d447e48759ef0f2af25c31b43 +maturityLevel: 7bbfe31d447e48759ef0f2af25c31b43 #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/I-DM-1.yml b/model/practice_levels/I-DM-1.yml index acd52b0fa29f..17d583eaeb93 100644 --- a/model/practice_levels/I-DM-1.yml +++ b/model/practice_levels/I-DM-1.yml @@ -6,7 +6,7 @@ practice: e17d573510904f65a1fe6040b56ad0b1 #Link to the maturity level, using its unique identifier -maturitylevel: 0a1dc80f84964f2fa776c5d8e932353a +maturityLevel: 0a1dc80f84964f2fa776c5d8e932353a #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/I-DM-2.yml b/model/practice_levels/I-DM-2.yml index a798eebee083..486c6e790997 100644 --- a/model/practice_levels/I-DM-2.yml +++ b/model/practice_levels/I-DM-2.yml @@ -6,7 +6,7 @@ practice: e17d573510904f65a1fe6040b56ad0b1 #Link to the maturity level, using its unique identifier -maturitylevel: 47dd82af343e4695a0385418af4398d1 +maturityLevel: 47dd82af343e4695a0385418af4398d1 #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/I-DM-3.yml b/model/practice_levels/I-DM-3.yml index d51b11833d7c..efdda437a6a1 100644 --- a/model/practice_levels/I-DM-3.yml +++ b/model/practice_levels/I-DM-3.yml @@ -6,7 +6,7 @@ practice: e17d573510904f65a1fe6040b56ad0b1 #Link to the maturity level, using its unique identifier -maturitylevel: 7bbfe31d447e48759ef0f2af25c31b43 +maturityLevel: 7bbfe31d447e48759ef0f2af25c31b43 #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. 
diff --git a/model/practice_levels/I-SB-1.yml b/model/practice_levels/I-SB-1.yml index 80232a4cf911..9ca7ffe42800 100644 --- a/model/practice_levels/I-SB-1.yml +++ b/model/practice_levels/I-SB-1.yml @@ -6,7 +6,7 @@ practice: b2af112859d34cada6ce4cf44d393b94 #Link to the maturity level, using its unique identifier -maturitylevel: 0a1dc80f84964f2fa776c5d8e932353a +maturityLevel: 0a1dc80f84964f2fa776c5d8e932353a #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/I-SB-2.yml b/model/practice_levels/I-SB-2.yml index a691f2de41ad..0519acb0d7b2 100644 --- a/model/practice_levels/I-SB-2.yml +++ b/model/practice_levels/I-SB-2.yml @@ -6,7 +6,7 @@ practice: b2af112859d34cada6ce4cf44d393b94 #Link to the maturity level, using its unique identifier -maturitylevel: 47dd82af343e4695a0385418af4398d1 +maturityLevel: 47dd82af343e4695a0385418af4398d1 #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/I-SB-3.yml b/model/practice_levels/I-SB-3.yml index 36bed185e8da..de4065d23724 100644 --- a/model/practice_levels/I-SB-3.yml +++ b/model/practice_levels/I-SB-3.yml @@ -6,7 +6,7 @@ practice: b2af112859d34cada6ce4cf44d393b94 #Link to the maturity level, using its unique identifier -maturitylevel: 7bbfe31d447e48759ef0f2af25c31b43 +maturityLevel: 7bbfe31d447e48759ef0f2af25c31b43 #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/I-SD-1.yml b/model/practice_levels/I-SD-1.yml index 35018982cbbf..474d9a3164e6 100644 --- a/model/practice_levels/I-SD-1.yml +++ b/model/practice_levels/I-SD-1.yml 
@@ -6,7 +6,7 @@ practice: 40d7879025144dbbbf34ba8ea82f060d #Link to the maturity level, using its unique identifier -maturitylevel: 0a1dc80f84964f2fa776c5d8e932353a +maturityLevel: 0a1dc80f84964f2fa776c5d8e932353a #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/I-SD-2.yml b/model/practice_levels/I-SD-2.yml index f0953b6ddaac..c04f8948f3c7 100644 --- a/model/practice_levels/I-SD-2.yml +++ b/model/practice_levels/I-SD-2.yml @@ -6,7 +6,7 @@ practice: 40d7879025144dbbbf34ba8ea82f060d #Link to the maturity level, using its unique identifier -maturitylevel: 47dd82af343e4695a0385418af4398d1 +maturityLevel: 47dd82af343e4695a0385418af4398d1 #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/I-SD-3.yml b/model/practice_levels/I-SD-3.yml index f603ee3bb3c5..a0d33f4bd260 100644 --- a/model/practice_levels/I-SD-3.yml +++ b/model/practice_levels/I-SD-3.yml @@ -6,7 +6,7 @@ practice: 40d7879025144dbbbf34ba8ea82f060d #Link to the maturity level, using its unique identifier -maturitylevel: 7bbfe31d447e48759ef0f2af25c31b43 +maturityLevel: 7bbfe31d447e48759ef0f2af25c31b43 #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/O-EM-1.yml b/model/practice_levels/O-EM-1.yml index 3a5e8c7abede..7782ffbdec60 100644 --- a/model/practice_levels/O-EM-1.yml +++ b/model/practice_levels/O-EM-1.yml @@ -6,7 +6,7 @@ practice: 53a9cd5c2d3643f3b71e4e9d92b811e2 #Link to the maturity level, using its unique identifier -maturitylevel: 0a1dc80f84964f2fa776c5d8e932353a +maturityLevel: 0a1dc80f84964f2fa776c5d8e932353a #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. 
diff --git a/model/practice_levels/O-EM-2.yml b/model/practice_levels/O-EM-2.yml index 7b1f83ac6ea0..3a3b788a2785 100644 --- a/model/practice_levels/O-EM-2.yml +++ b/model/practice_levels/O-EM-2.yml @@ -6,7 +6,7 @@ practice: 53a9cd5c2d3643f3b71e4e9d92b811e2 #Link to the maturity level, using its unique identifier -maturitylevel: 47dd82af343e4695a0385418af4398d1 +maturityLevel: 47dd82af343e4695a0385418af4398d1 #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/O-EM-3.yml b/model/practice_levels/O-EM-3.yml index e721bae544bd..f9bffb50450e 100644 --- a/model/practice_levels/O-EM-3.yml +++ b/model/practice_levels/O-EM-3.yml @@ -6,7 +6,7 @@ practice: 53a9cd5c2d3643f3b71e4e9d92b811e2 #Link to the maturity level, using its unique identifier -maturitylevel: 7bbfe31d447e48759ef0f2af25c31b43 +maturityLevel: 7bbfe31d447e48759ef0f2af25c31b43 #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/O-IM-1.yml b/model/practice_levels/O-IM-1.yml index 8c3b553c4236..6f4a38c65cdd 100644 --- a/model/practice_levels/O-IM-1.yml +++ b/model/practice_levels/O-IM-1.yml @@ -6,7 +6,7 @@ practice: c13aa12c13d04362a3ca3385a8c580ee #Link to the maturity level, using its unique identifier -maturitylevel: 0a1dc80f84964f2fa776c5d8e932353a +maturityLevel: 0a1dc80f84964f2fa776c5d8e932353a #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/O-IM-2.yml b/model/practice_levels/O-IM-2.yml index a7560d917066..aa626bea064f 100644 --- a/model/practice_levels/O-IM-2.yml +++ b/model/practice_levels/O-IM-2.yml 
@@ -6,7 +6,7 @@ practice: c13aa12c13d04362a3ca3385a8c580ee #Link to the maturity level, using its unique identifier -maturitylevel: 47dd82af343e4695a0385418af4398d1 +maturityLevel: 47dd82af343e4695a0385418af4398d1 #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/O-IM-3.yml b/model/practice_levels/O-IM-3.yml index c850415cc437..bf9da9c105f4 100644 --- a/model/practice_levels/O-IM-3.yml +++ b/model/practice_levels/O-IM-3.yml @@ -6,7 +6,7 @@ practice: c13aa12c13d04362a3ca3385a8c580ee #Link to the maturity level, using its unique identifier -maturitylevel: 7bbfe31d447e48759ef0f2af25c31b43 +maturityLevel: 7bbfe31d447e48759ef0f2af25c31b43 #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/O-OM-1.yml b/model/practice_levels/O-OM-1.yml index 9a1926dfbde8..9aa21e030ba2 100644 --- a/model/practice_levels/O-OM-1.yml +++ b/model/practice_levels/O-OM-1.yml @@ -6,7 +6,7 @@ practice: 8f07145b5ea74388b2217895d5e7b5c2 #Link to the maturity level, using its unique identifier -maturitylevel: 0a1dc80f84964f2fa776c5d8e932353a +maturityLevel: 0a1dc80f84964f2fa776c5d8e932353a #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/O-OM-2.yml b/model/practice_levels/O-OM-2.yml index 56a2d367407f..9191a7c67a02 100644 --- a/model/practice_levels/O-OM-2.yml +++ b/model/practice_levels/O-OM-2.yml @@ -6,7 +6,7 @@ practice: 8f07145b5ea74388b2217895d5e7b5c2 #Link to the maturity level, using its unique identifier -maturitylevel: 47dd82af343e4695a0385418af4398d1 +maturityLevel: 47dd82af343e4695a0385418af4398d1 #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. 
diff --git a/model/practice_levels/O-OM-3.yml b/model/practice_levels/O-OM-3.yml index f57883360112..1bf89aa43e09 100644 --- a/model/practice_levels/O-OM-3.yml +++ b/model/practice_levels/O-OM-3.yml @@ -6,7 +6,7 @@ practice: 8f07145b5ea74388b2217895d5e7b5c2 #Link to the maturity level, using its unique identifier -maturitylevel: 7bbfe31d447e48759ef0f2af25c31b43 +maturityLevel: 7bbfe31d447e48759ef0f2af25c31b43 #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/V-AA-1.yml b/model/practice_levels/V-AA-1.yml index 0de2f4643b02..56c8ae97c008 100644 --- a/model/practice_levels/V-AA-1.yml +++ b/model/practice_levels/V-AA-1.yml @@ -6,7 +6,7 @@ practice: 53f2da68c37a4ced8d5e767298fba589 #Link to the maturity level, using its unique identifier -maturitylevel: 0a1dc80f84964f2fa776c5d8e932353a +maturityLevel: 0a1dc80f84964f2fa776c5d8e932353a #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/V-AA-2.yml b/model/practice_levels/V-AA-2.yml index 749d2fb5f28d..c92c5cf6025b 100644 --- a/model/practice_levels/V-AA-2.yml +++ b/model/practice_levels/V-AA-2.yml @@ -6,7 +6,7 @@ practice: 53f2da68c37a4ced8d5e767298fba589 #Link to the maturity level, using its unique identifier -maturitylevel: 47dd82af343e4695a0385418af4398d1 +maturityLevel: 47dd82af343e4695a0385418af4398d1 #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/V-AA-3.yml b/model/practice_levels/V-AA-3.yml index 729a170434cd..dc4468665195 100644 --- a/model/practice_levels/V-AA-3.yml +++ b/model/practice_levels/V-AA-3.yml 
@@ -6,7 +6,7 @@ practice: 53f2da68c37a4ced8d5e767298fba589 #Link to the maturity level, using its unique identifier -maturitylevel: 7bbfe31d447e48759ef0f2af25c31b43 +maturityLevel: 7bbfe31d447e48759ef0f2af25c31b43 #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. @@ -14,6 +14,6 @@ id: 83ea8aaab3384b41b785107613ee4d86 #Objective of this particular practice level objective: Review the architecture effectiveness and feedback results to improve the - security architecture. + security of the architecture. #Type Classification of the Document type: PracticeLevel diff --git a/model/practice_levels/V-RT-1.yml b/model/practice_levels/V-RT-1.yml index 0fdd26dfc88b..9220677b7d2d 100644 --- a/model/practice_levels/V-RT-1.yml +++ b/model/practice_levels/V-RT-1.yml @@ -6,7 +6,7 @@ practice: 66fb99798fe946e4979a2de98e9d6f8b #Link to the maturity level, using its unique identifier -maturitylevel: 0a1dc80f84964f2fa776c5d8e932353a +maturityLevel: 0a1dc80f84964f2fa776c5d8e932353a #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/V-RT-2.yml b/model/practice_levels/V-RT-2.yml index 82582d149544..71c5e6c1a746 100644 --- a/model/practice_levels/V-RT-2.yml +++ b/model/practice_levels/V-RT-2.yml @@ -6,7 +6,7 @@ practice: 66fb99798fe946e4979a2de98e9d6f8b #Link to the maturity level, using its unique identifier -maturitylevel: 47dd82af343e4695a0385418af4398d1 +maturityLevel: 47dd82af343e4695a0385418af4398d1 #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/V-RT-3.yml b/model/practice_levels/V-RT-3.yml index 933764ec55b4..e791cef3386d 100644 --- a/model/practice_levels/V-RT-3.yml +++ b/model/practice_levels/V-RT-3.yml 
@@ -6,7 +6,7 @@ practice: 66fb99798fe946e4979a2de98e9d6f8b #Link to the maturity level, using its unique identifier -maturitylevel: 7bbfe31d447e48759ef0f2af25c31b43 +maturityLevel: 7bbfe31d447e48759ef0f2af25c31b43 #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/V-ST-1.yml b/model/practice_levels/V-ST-1.yml index 4199ffdcd51e..bcea0a7598fc 100644 --- a/model/practice_levels/V-ST-1.yml +++ b/model/practice_levels/V-ST-1.yml @@ -6,7 +6,7 @@ practice: bb5488860c124b6e8076b023485023e1 #Link to the maturity level, using its unique identifier -maturitylevel: 0a1dc80f84964f2fa776c5d8e932353a +maturityLevel: 0a1dc80f84964f2fa776c5d8e932353a #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/V-ST-2.yml b/model/practice_levels/V-ST-2.yml index 6dc6d05cbe13..c7674948b20d 100644 --- a/model/practice_levels/V-ST-2.yml +++ b/model/practice_levels/V-ST-2.yml @@ -6,7 +6,7 @@ practice: bb5488860c124b6e8076b023485023e1 #Link to the maturity level, using its unique identifier -maturitylevel: 47dd82af343e4695a0385418af4398d1 +maturityLevel: 47dd82af343e4695a0385418af4398d1 #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/V-ST-3.yml b/model/practice_levels/V-ST-3.yml index 6b16c086bf5c..f87c81deb89e 100644 --- a/model/practice_levels/V-ST-3.yml +++ b/model/practice_levels/V-ST-3.yml @@ -6,7 +6,7 @@ practice: bb5488860c124b6e8076b023485023e1 #Link to the maturity level, using its unique identifier -maturitylevel: 7bbfe31d447e48759ef0f2af25c31b43 +maturityLevel: 7bbfe31d447e48759ef0f2af25c31b43 #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. 
diff --git a/model/questions/D-SA-1-A.yml b/model/questions/D-SA-1-A.yml index 88b4b11e8e7c..bf14d2a4052e 100644 --- a/model/questions/D-SA-1-A.yml +++ b/model/questions/D-SA-1-A.yml @@ -6,7 +6,7 @@ activity: 27bb61f3c6344359b021caeaef5ab07e #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/D-SA-1-B.yml b/model/questions/D-SA-1-B.yml index 5e16398341e9..37590535e014 100644 --- a/model/questions/D-SA-1-B.yml +++ b/model/questions/D-SA-1-B.yml @@ -6,7 +6,7 @@ activity: 27cdd2a336a44e56a42632c7a78fcf4f #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/D-SA-2-A.yml b/model/questions/D-SA-2-A.yml index f2459f21d879..02ca1d7e299c 100644 --- a/model/questions/D-SA-2-A.yml +++ b/model/questions/D-SA-2-A.yml @@ -6,7 +6,7 @@ activity: 9b6a86278ba14a9098d3d60a9a78d6c5 #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/D-SA-2-B.yml b/model/questions/D-SA-2-B.yml index 9ec2a36da839..9b67ad7617a4 100644 --- a/model/questions/D-SA-2-B.yml +++ b/model/questions/D-SA-2-B.yml 
@@ -6,7 +6,7 @@ activity: 5e1dd310e28449058046c7af0fe46fce #Link to the answer set that contains the potential answers for this question -answerset: b6fd4b86ecf04955befe9322ff338ca8 +answerSet: b6fd4b86ecf04955befe9322ff338ca8 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/D-SA-3-A.yml b/model/questions/D-SA-3-A.yml index 29db06103b07..53ebe56a2425 100644 --- a/model/questions/D-SA-3-A.yml +++ b/model/questions/D-SA-3-A.yml @@ -6,7 +6,7 @@ activity: aa962032982a4d53bd34cd8771558df1 #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/D-SA-3-B.yml b/model/questions/D-SA-3-B.yml index bc4c5bcc0fce..d2ca2a614bcf 100644 --- a/model/questions/D-SA-3-B.yml +++ b/model/questions/D-SA-3-B.yml @@ -6,7 +6,7 @@ activity: 3afce608ad7c42deb37a04d6b86e5c33 #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/D-SR-1-A.yml b/model/questions/D-SR-1-A.yml index 6eac49e75d74..d7b9d0256e6e 100644 --- a/model/questions/D-SR-1-A.yml +++ b/model/questions/D-SR-1-A.yml @@ -6,7 +6,7 @@ activity: 91086153b98b46928e36dd031b27bdc2 #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. 
diff --git a/model/questions/D-SR-1-B.yml b/model/questions/D-SR-1-B.yml index 3ea3d5833a05..eade1249c94d 100644 --- a/model/questions/D-SR-1-B.yml +++ b/model/questions/D-SR-1-B.yml @@ -6,7 +6,7 @@ activity: 2b01696356ed4652accf093f6c6a47ee #Link to the answer set that contains the potential answers for this question -answerset: d096060a4d864133afcbdd1397b95827 +answerSet: d096060a4d864133afcbdd1397b95827 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/D-SR-2-A.yml b/model/questions/D-SR-2-A.yml index 2a6f4e2db18a..774c0a178100 100644 --- a/model/questions/D-SR-2-A.yml +++ b/model/questions/D-SR-2-A.yml @@ -6,7 +6,7 @@ activity: 1cc77725cb2349f394477838668f6184 #Link to the answer set that contains the potential answers for this question -answerset: d096060a4d864133afcbdd1397b95827 +answerSet: d096060a4d864133afcbdd1397b95827 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/D-SR-2-B.yml b/model/questions/D-SR-2-B.yml index cb907c70d3fc..eca74dd7894b 100644 --- a/model/questions/D-SR-2-B.yml +++ b/model/questions/D-SR-2-B.yml @@ -6,7 +6,7 @@ activity: 5d5e3d9beab9498ca1ce66d3a53a81c6 #Link to the answer set that contains the potential answers for this question -answerset: d096060a4d864133afcbdd1397b95827 +answerSet: d096060a4d864133afcbdd1397b95827 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/D-SR-3-A.yml b/model/questions/D-SR-3-A.yml index 025eed15d238..f75cffaef5ad 100644 --- a/model/questions/D-SR-3-A.yml +++ b/model/questions/D-SR-3-A.yml 
@@ -6,7 +6,7 @@ activity: ce13df2e0dfb455588bf75135f1a718e #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/D-SR-3-B.yml b/model/questions/D-SR-3-B.yml index 68b7094b9ea7..37cc41a403b4 100644 --- a/model/questions/D-SR-3-B.yml +++ b/model/questions/D-SR-3-B.yml @@ -6,7 +6,7 @@ activity: a9f56795ac84426c9e45f9471e82a8d7 #Link to the answer set that contains the potential answers for this question -answerset: d096060a4d864133afcbdd1397b95827 +answerSet: d096060a4d864133afcbdd1397b95827 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. @@ -22,7 +22,8 @@ order: 1 #Qualifying Criterion quality: - The vendor has a secure SDLC that includes secure build, secure deployment, defect - management, and incident management that align with those used in your organization + management, and incident management, meets the security expectations of your organization, + and is able to demonstrate operating effectiveness of practices. - You verify the solution meets quality and security objectives before every major release - When standard verification processes are not available, you use compensating controls diff --git a/model/questions/D-TA-1-A.yml b/model/questions/D-TA-1-A.yml index 3f432d51b764..c67903ddc1c3 100644 --- a/model/questions/D-TA-1-A.yml +++ b/model/questions/D-TA-1-A.yml 
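Review bot: In the `@@ -22,7 +22,8 @@` hunk of model/questions/D-SR-3-B.yml, the rewritten first `quality` item packs three conditions into one sentence, and it is unclear whether "meets the security expectations" and "is able to demonstrate" refer to the vendor or to the vendor's SDLC. An assessor has to answer all three at once, and the item does not say what counts as demonstrating operating effectiveness. Consider splitting it, for example `- The vendor has a secure SDLC that includes secure build, secure deployment, defect management, and incident management, and that SDLC meets the security expectations of your organization` followed by `- The vendor can demonstrate the operating effectiveness of these practices`. The new text also ends with a period, while the other items visible in the list do not. The `quality` list may continue past the end of the hunk.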
@@ -6,7 +6,7 @@ activity: c6da6525773644d0a18b3a927caf6dd2 #Link to the answer set that contains the potential answers for this question -answerset: 8c89e8daf71d425abaca53edc01f6afa +answerSet: 8c89e8daf71d425abaca53edc01f6afa #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/D-TA-1-B.yml b/model/questions/D-TA-1-B.yml index 5076d7c368f8..520bef3f6a30 100644 --- a/model/questions/D-TA-1-B.yml +++ b/model/questions/D-TA-1-B.yml @@ -7,7 +7,7 @@ activity: 1ceadbb5a0024e2599821e7ce756f3a4 #Link to the answer set that contains the potential answers for this question -answerset: 8c89e8daf71d425abaca53edc01f6afa +answerSet: 8c89e8daf71d425abaca53edc01f6afa #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/D-TA-2-A.yml b/model/questions/D-TA-2-A.yml index 8591041ac3ad..3b2828474ae2 100644 --- a/model/questions/D-TA-2-A.yml +++ b/model/questions/D-TA-2-A.yml @@ -6,7 +6,7 @@ activity: 529d528265c94447954a57f5be425f54 #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/D-TA-2-B.yml b/model/questions/D-TA-2-B.yml index 0bbf3cc9c1c4..77f7b67e9e27 100644 --- a/model/questions/D-TA-2-B.yml +++ b/model/questions/D-TA-2-B.yml 
@@ -6,14 +6,14 @@ activity: 649b693315234a94928e42f3e308deac #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. id: 42cfabd13db34fd0b35e92af917eb1b8 #One-sentence description of the criterium -text: Do you use a standard methodology, aligned on your application risk levels? +text: Do you use a standard methodology, aligned with your application risk levels? #Order of this question for the activity (in case there would be multiple) order: 1 @@ -23,7 +23,7 @@ quality: - You train your architects, security champions, and other stakeholders on how to do practical threat modeling - Your threat modeling methodology includes at least diagramming, threat identification, design flaw mitigations, and how to validate your threat model artifacts - Changes in the application or business context trigger a review of the relevant threat models - - You capture the threat modeling artifacts with tools that are used by your application teams + - You capture the threat modeling artifacts with tools used by your application teams #Type Classification of the Document type: Question diff --git a/model/questions/D-TA-3-A.yml b/model/questions/D-TA-3-A.yml index a2dae318121f..02b72bc6ea6d 100644 --- a/model/questions/D-TA-3-A.yml +++ b/model/questions/D-TA-3-A.yml @@ -6,7 +6,7 @@ activity: 2f63f92c414546b58d035ece110d479f #Link to the answer set that contains the potential answers for this question -answerset: f3534ade73d8469e879c74b4e0a4eb3d +answerSet: f3534ade73d8469e879c74b4e0a4eb3d #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/D-TA-3-B.yml b/model/questions/D-TA-3-B.yml index fd5477903941..00ab31527e56 100644 
--- a/model/questions/D-TA-3-B.yml +++ b/model/questions/D-TA-3-B.yml @@ -6,7 +6,7 @@ activity: e931a744c2864bef85a3fa75ce7e214f #Link to the answer set that contains the potential answers for this question -answerset: 01b2ac64461d4ec6b40843a4c77e1ba6 +answerSet: 01b2ac64461d4ec6b40843a4c77e1ba6 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/G-EG-1-A.yml b/model/questions/G-EG-1-A.yml index 1eef2a1c5135..ba6d894e2cb5 100644 --- a/model/questions/G-EG-1-A.yml +++ b/model/questions/G-EG-1-A.yml @@ -6,7 +6,7 @@ activity: 93ccc4cdf5d841e3986f3684467b2bf1 #Link to the answer set that contains the potential answers for this question -answerset: 8c89e8daf71d425abaca53edc01f6afa +answerSet: 8c89e8daf71d425abaca53edc01f6afa #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. 
@@ -23,12 +23,14 @@ order: 1 quality: - Training is repeatable, consistent, and available to anyone involved with software development lifecycle -- Training includes the latest OWASP Top 10 if appropriate and includes concepts such +- Training includes relevant content from the latest OWASP Top 10 and includes concepts such as Least Privilege, Defense-in-Depth, Fail Secure (Safe), Complete Mediation, Session Management, Open Design, and Psychological Acceptability - Training requires a sign-off or an acknowledgement from attendees -- You have updated the training in the last 12 months -- Training is required during employees' onboarding process +- You have reviewed the training content within the last 12 months, and have completed any required updates +- All new covered staff are required to complete training during their onboarding process +- Existing covered staff are required to complete training when content is added/revised, or + complete refresher training at least every 24 months, whichever comes first #Type Classification of the Document type: Question diff --git a/model/questions/G-EG-1-B.yml b/model/questions/G-EG-1-B.yml index 2c4e99f436a3..7ca712248f0b 100644 --- a/model/questions/G-EG-1-B.yml +++ b/model/questions/G-EG-1-B.yml @@ -6,7 +6,7 @@ activity: ebd3782abc4343509981c52192904a42 #Link to the answer set that contains the potential answers for this question -answerset: a0d515d66004425e8039cf4197fce271 +answerSet: a0d515d66004425e8039cf4197fce271 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/G-EG-2-A.yml b/model/questions/G-EG-2-A.yml index dd001a05a2fe..b7b1c4c418ad 100644 --- a/model/questions/G-EG-2-A.yml +++ b/model/questions/G-EG-2-A.yml 
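Review bot: The new onboarding and refresher items in the `@@ -23,12 +23,14 @@` hunk of model/questions/G-EG-1-A.yml introduce "covered staff" without defining it, while the first item in the same list scopes training to "anyone involved with software development lifecycle". If the same population is meant, reuse that wording, e.g. `- All new staff involved with the software development lifecycle are required to complete training during their onboarding process`. If a narrower group is meant, the item should say who is covered. The refresher item also sets no time limit for completing training after content is added or revised, so the revision trigger in "whichever comes first" cannot be assessed against a deadline.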
@@ -6,7 +6,7 @@ activity: 05073fb130c74143a12a6ba74a44c580 #Link to the answer set that contains the potential answers for this question -answerset: f96770095fab4afbb27949c2242e47c2 +answerSet: f96770095fab4afbb27949c2242e47c2 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/G-EG-2-B.yml b/model/questions/G-EG-2-B.yml index bb207437ff9f..9b309fa445e2 100644 --- a/model/questions/G-EG-2-B.yml +++ b/model/questions/G-EG-2-B.yml @@ -6,7 +6,7 @@ activity: d61764610f8741de894c1751f5c041ae #Link to the answer set that contains the potential answers for this question -answerset: 3d4c5c80278b4a58b80d559085804446 +answerSet: 3d4c5c80278b4a58b80d559085804446 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/G-EG-3-A.yml b/model/questions/G-EG-3-A.yml index c556835e2faf..4c3de2d09458 100644 --- a/model/questions/G-EG-3-A.yml +++ b/model/questions/G-EG-3-A.yml @@ -6,7 +6,7 @@ activity: a061ed8a5b1c4899bc95d9b1a10a469d #Link to the answer set that contains the potential answers for this question -answerset: f96770095fab4afbb27949c2242e47c2 +answerSet: f96770095fab4afbb27949c2242e47c2 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/G-EG-3-B.yml b/model/questions/G-EG-3-B.yml index e43c20342d64..dbf703e7d851 100644 --- a/model/questions/G-EG-3-B.yml +++ b/model/questions/G-EG-3-B.yml @@ -6,7 +6,7 @@ activity: a3720e84d6a24a8ba235c25ce6afc5c7 #Link to the answer set that contains the potential answers for this question -answerset: 3d4c5c80278b4a58b80d559085804446 +answerSet: 3d4c5c80278b4a58b80d559085804446 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. 
diff --git a/model/questions/G-PC-1-A.yml b/model/questions/G-PC-1-A.yml index b0488ec6c8a0..d8a0c38c722d 100644 --- a/model/questions/G-PC-1-A.yml +++ b/model/questions/G-PC-1-A.yml @@ -6,7 +6,7 @@ activity: 6e7a618abd564df5bb784ca54893bbee #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/G-PC-1-B.yml b/model/questions/G-PC-1-B.yml index d7546393c0b3..47545c65640a 100644 --- a/model/questions/G-PC-1-B.yml +++ b/model/questions/G-PC-1-B.yml @@ -6,7 +6,7 @@ activity: 852c76292e8a41de92205b31cb3f4e49 #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/G-PC-2-A.yml b/model/questions/G-PC-2-A.yml index 707f36cbfcfa..3b4dffb45fa1 100644 --- a/model/questions/G-PC-2-A.yml +++ b/model/questions/G-PC-2-A.yml @@ -6,7 +6,7 @@ activity: 09f4b814a3444b329a7c9c7f54152ffe #Link to the answer set that contains the potential answers for this question -answerset: 9a87d689fe35441aabf1ad4b7048b61e +answerSet: 9a87d689fe35441aabf1ad4b7048b61e #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/G-PC-2-B.yml b/model/questions/G-PC-2-B.yml index 01a1884f697b..9ba80505df58 100644 --- a/model/questions/G-PC-2-B.yml +++ b/model/questions/G-PC-2-B.yml 
@@ -6,7 +6,7 @@ activity: 38932fe4024e4ec89646a82e0b4e651e #Link to the answer set that contains the potential answers for this question -answerset: f5042ff6c8d44068a9ac3e1bd8349760 +answerSet: f5042ff6c8d44068a9ac3e1bd8349760 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/G-PC-3-A.yml b/model/questions/G-PC-3-A.yml index ae9806ebd59b..4ea252d0fdac 100644 --- a/model/questions/G-PC-3-A.yml +++ b/model/questions/G-PC-3-A.yml @@ -6,7 +6,7 @@ activity: fe7afe5fc04742bcbe476d4ba37d8091 #Link to the answer set that contains the potential answers for this question -answerset: e0fcc49a200847eab218c04e2c80490a +answerSet: e0fcc49a200847eab218c04e2c80490a #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/G-PC-3-B.yml b/model/questions/G-PC-3-B.yml index ea8bdcbe858f..27afb149ba67 100644 --- a/model/questions/G-PC-3-B.yml +++ b/model/questions/G-PC-3-B.yml @@ -6,7 +6,7 @@ activity: e7ba346fabdc44beb47e2c67c14a6726 #Link to the answer set that contains the potential answers for this question -answerset: e0fcc49a200847eab218c04e2c80490a +answerSet: e0fcc49a200847eab218c04e2c80490a #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/G-SM-1-A.yml b/model/questions/G-SM-1-A.yml index 08ee3e2c850a..6810ba0ca47a 100644 --- a/model/questions/G-SM-1-A.yml +++ b/model/questions/G-SM-1-A.yml @@ -6,7 +6,7 @@ activity: ef0b56870b734b13868697017a9b605e #Link to the answer set that contains the potential answers for this question -answerset: f678b7a00f2441148087d48f8e0a6ad1 +answerSet: f678b7a00f2441148087d48f8e0a6ad1 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. 
diff --git a/model/questions/G-SM-1-B.yml b/model/questions/G-SM-1-B.yml index 280dfcccde14..6aa9009463d8 100644 --- a/model/questions/G-SM-1-B.yml +++ b/model/questions/G-SM-1-B.yml @@ -6,7 +6,7 @@ activity: 0082a76b1a3744d9ab0443bd2168e13d #Link to the answer set that contains the potential answers for this question -answerset: 608f87d59da44e589f0090790675ed23 +answerSet: 608f87d59da44e589f0090790675ed23 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/G-SM-2-A.yml b/model/questions/G-SM-2-A.yml index 0dc1dadfb828..ab7ce363f8c9 100644 --- a/model/questions/G-SM-2-A.yml +++ b/model/questions/G-SM-2-A.yml @@ -6,7 +6,7 @@ activity: c1778728d66e4b83b59a42405a90598a #Link to the answer set that contains the potential answers for this question -answerset: 66e3e11eb8404fb6880377e539609678 +answerSet: 66e3e11eb8404fb6880377e539609678 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/G-SM-2-B.yml b/model/questions/G-SM-2-B.yml index 912cf018bddf..ca9a17f75745 100644 --- a/model/questions/G-SM-2-B.yml +++ b/model/questions/G-SM-2-B.yml @@ -6,7 +6,7 @@ activity: c1aef0137df1400cbdd3c660b609b7b2 #Link to the answer set that contains the potential answers for this question -answerset: 439e7b91e6b446ae83b4d1efe831a97d +answerSet: 439e7b91e6b446ae83b4d1efe831a97d #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/G-SM-3-A.yml b/model/questions/G-SM-3-A.yml index b014dae36e9d..aee39bfcc171 100644 --- a/model/questions/G-SM-3-A.yml +++ b/model/questions/G-SM-3-A.yml 
@@ -6,7 +6,7 @@ activity: e092ac0ccb8c4fccb6cd662f974dc107 #Link to the answer set that contains the potential answers for this question -answerset: 01b2ac64461d4ec6b40843a4c77e1ba6 +answerSet: 01b2ac64461d4ec6b40843a4c77e1ba6 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/G-SM-3-B.yml b/model/questions/G-SM-3-B.yml index 11e89f37a9a2..5252e105aea5 100644 --- a/model/questions/G-SM-3-B.yml +++ b/model/questions/G-SM-3-B.yml @@ -6,7 +6,7 @@ activity: 43d347fd280845718f16ccc811e5d942 #Link to the answer set that contains the potential answers for this question -answerset: 01b2ac64461d4ec6b40843a4c77e1ba6 +answerSet: 01b2ac64461d4ec6b40843a4c77e1ba6 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/I-DM-1-A.yml b/model/questions/I-DM-1-A.yml index 10ab29d61453..3911e5060e44 100644 --- a/model/questions/I-DM-1-A.yml +++ b/model/questions/I-DM-1-A.yml @@ -6,7 +6,7 @@ activity: 93dff7be5f954f8d87d24f4261002508 #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/I-DM-1-B.yml b/model/questions/I-DM-1-B.yml index 4c87c651f741..5666cccfa0dc 100644 --- a/model/questions/I-DM-1-B.yml +++ b/model/questions/I-DM-1-B.yml @@ -6,7 +6,7 @@ activity: d1cb54f1ddd3432480513df320fc0ff8 #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. 
diff --git a/model/questions/I-DM-2-A.yml b/model/questions/I-DM-2-A.yml index 1c74fa00c462..4f21a5257707 100644 --- a/model/questions/I-DM-2-A.yml +++ b/model/questions/I-DM-2-A.yml @@ -6,7 +6,7 @@ activity: 2bf0e192a904444b8a2f38c33256e80a #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/I-DM-2-B.yml b/model/questions/I-DM-2-B.yml index aa875d8b1829..b79596c1ce2a 100644 --- a/model/questions/I-DM-2-B.yml +++ b/model/questions/I-DM-2-B.yml @@ -6,7 +6,7 @@ activity: 15d73a64818c43019504c8d938ca2434 #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/I-DM-3-A.yml b/model/questions/I-DM-3-A.yml index 9bae86bac37f..1c637b21b74e 100644 --- a/model/questions/I-DM-3-A.yml +++ b/model/questions/I-DM-3-A.yml @@ -6,7 +6,7 @@ activity: d955a7b3fbfc4b6aa5b327af9e01c377 #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/I-DM-3-B.yml b/model/questions/I-DM-3-B.yml index 276b8598616e..bcb62fc6adaf 100644 --- a/model/questions/I-DM-3-B.yml +++ b/model/questions/I-DM-3-B.yml 
@@ -6,7 +6,7 @@ activity: f2a309b82fbc46cfb2f11c9cde20dc0a #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/I-SB-1-A.yml b/model/questions/I-SB-1-A.yml index 9af8ada69654..2cd7f57093fb 100644 --- a/model/questions/I-SB-1-A.yml +++ b/model/questions/I-SB-1-A.yml @@ -6,7 +6,7 @@ activity: bf536a9305134a769adbd414652054ee #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/I-SB-1-B.yml b/model/questions/I-SB-1-B.yml index 1975ff7d80bc..98bd679cf50e 100644 --- a/model/questions/I-SB-1-B.yml +++ b/model/questions/I-SB-1-B.yml @@ -6,7 +6,7 @@ activity: bed0489cae4e4401b1d44d56ad36c109 #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/I-SB-2-A.yml b/model/questions/I-SB-2-A.yml index f0db44cbf2e6..b7d5cf290eeb 100644 --- a/model/questions/I-SB-2-A.yml +++ b/model/questions/I-SB-2-A.yml @@ -6,7 +6,7 @@ activity: bcc960e835aa4ad58a9d39a272cbf6f1 #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. 
diff --git a/model/questions/I-SB-2-B.yml b/model/questions/I-SB-2-B.yml index 538fe0795a0b..4d709fb13a54 100644 --- a/model/questions/I-SB-2-B.yml +++ b/model/questions/I-SB-2-B.yml @@ -6,7 +6,7 @@ activity: 857a43e335ba467598eca99d48ea0076 #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/I-SB-3-A.yml b/model/questions/I-SB-3-A.yml index c5581d9121a3..795fad240358 100644 --- a/model/questions/I-SB-3-A.yml +++ b/model/questions/I-SB-3-A.yml @@ -6,7 +6,7 @@ activity: 281369f491da4d4c84b0729e344e2c93 #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/I-SB-3-B.yml b/model/questions/I-SB-3-B.yml index 8d17c27842f7..c9bdbfa267a9 100644 --- a/model/questions/I-SB-3-B.yml +++ b/model/questions/I-SB-3-B.yml @@ -6,7 +6,7 @@ activity: d09a731835304ea8aeb4c21565e45c4b #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/I-SD-1-A.yml b/model/questions/I-SD-1-A.yml index 165db37fcf0d..4c1023c79c7c 100644 --- a/model/questions/I-SD-1-A.yml +++ b/model/questions/I-SD-1-A.yml 
@@ -6,7 +6,7 @@ activity: 994bcac2bb7c4cc59a0faa365a0b58a0 #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/I-SD-1-B.yml b/model/questions/I-SD-1-B.yml index 974546ae5f1a..de13f0d71cdd 100644 --- a/model/questions/I-SD-1-B.yml +++ b/model/questions/I-SD-1-B.yml @@ -6,7 +6,7 @@ activity: 77a5f467ffe140e2a2839bb522e82c4e #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/I-SD-2-A.yml b/model/questions/I-SD-2-A.yml index 95883d16dd1b..173c5eca8c1f 100644 --- a/model/questions/I-SD-2-A.yml +++ b/model/questions/I-SD-2-A.yml @@ -6,7 +6,7 @@ activity: 1f3a9306778f4539a437d9f19232cda7 #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/I-SD-2-B.yml b/model/questions/I-SD-2-B.yml index f3eefe330f42..b2a1482c785f 100644 --- a/model/questions/I-SD-2-B.yml +++ b/model/questions/I-SD-2-B.yml @@ -6,7 +6,7 @@ activity: 4729b4bd6dca4d58a68cb854ad4409a6 #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. 
diff --git a/model/questions/I-SD-3-A.yml b/model/questions/I-SD-3-A.yml index 2ac868254bfb..8c77ce930ba8 100644 --- a/model/questions/I-SD-3-A.yml +++ b/model/questions/I-SD-3-A.yml @@ -6,7 +6,7 @@ activity: 05a3e75c6c654ae58a115cbf4295662b #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/I-SD-3-B.yml b/model/questions/I-SD-3-B.yml index 6ec6552701c0..aa079b991b69 100644 --- a/model/questions/I-SD-3-B.yml +++ b/model/questions/I-SD-3-B.yml @@ -6,7 +6,7 @@ activity: fed0d75c064c4a979a5b7b98adfdedbf #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/O-EM-1-A.yml b/model/questions/O-EM-1-A.yml index 5c1e1a0026eb..afa0d7b0393d 100644 --- a/model/questions/O-EM-1-A.yml +++ b/model/questions/O-EM-1-A.yml @@ -6,7 +6,7 @@ activity: 786b3d7b39cd49a88090554a275f04a6 #This question uses Answer Set T -answerset: 612bf4ec249f4e9d86f9e36dbf511821 +answerSet: 612bf4ec249f4e9d86f9e36dbf511821 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/O-EM-1-B.yml b/model/questions/O-EM-1-B.yml index d70bddb9f6c8..9b2558a308ed 100644 --- a/model/questions/O-EM-1-B.yml +++ b/model/questions/O-EM-1-B.yml 
@@ -6,7 +6,7 @@ activity: 0721d5bd5d67479991b5b52f33dcd7b1 #This question uses Answer Set G -answerset: 612bf4ec249f4e9d86f9e36dbf511821 +answerSet: 612bf4ec249f4e9d86f9e36dbf511821 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/O-EM-2-A.yml b/model/questions/O-EM-2-A.yml index 598fbc4789f8..c837caf7a5bf 100644 --- a/model/questions/O-EM-2-A.yml +++ b/model/questions/O-EM-2-A.yml @@ -6,7 +6,7 @@ activity: 84dcbc954d954d95b1fb37e032f05402 #This question uses Answer Set G -answerset: 612bf4ec249f4e9d86f9e36dbf511821 +answerSet: 612bf4ec249f4e9d86f9e36dbf511821 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/O-EM-2-B.yml b/model/questions/O-EM-2-B.yml index aa0a025b16fb..3b5ff5d8ee9b 100644 --- a/model/questions/O-EM-2-B.yml +++ b/model/questions/O-EM-2-B.yml @@ -6,7 +6,7 @@ activity: b7f1d18fbe724a148f039ce036de98ef #This question uses Answer Set G -answerset: 612bf4ec249f4e9d86f9e36dbf511821 +answerSet: 612bf4ec249f4e9d86f9e36dbf511821 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/O-EM-3-A.yml b/model/questions/O-EM-3-A.yml index b34ae0a9061b..618368642741 100644 --- a/model/questions/O-EM-3-A.yml +++ b/model/questions/O-EM-3-A.yml @@ -6,7 +6,7 @@ activity: 3156ab7b516e4550893427face9f86bc #This question uses Answer Set G -answerset: 612bf4ec249f4e9d86f9e36dbf511821 +answerSet: 612bf4ec249f4e9d86f9e36dbf511821 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/O-EM-3-B.yml b/model/questions/O-EM-3-B.yml index e9a76766928c..224693b0aed7 100644 --- a/model/questions/O-EM-3-B.yml +++ b/model/questions/O-EM-3-B.yml 
@@ -6,7 +6,7 @@ activity: a573c126b3e345fba9d1d94c8158cf60 #This question uses Answer Set G -answerset: 612bf4ec249f4e9d86f9e36dbf511821 +answerSet: 612bf4ec249f4e9d86f9e36dbf511821 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/O-IM-1-A.yml b/model/questions/O-IM-1-A.yml index 37eb817d3781..8a9bd86858e5 100644 --- a/model/questions/O-IM-1-A.yml +++ b/model/questions/O-IM-1-A.yml @@ -6,7 +6,7 @@ activity: b8dfd23d66224ac88d3ce41cf83ed15e #This question uses Answer Set A -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/O-IM-1-B.yml b/model/questions/O-IM-1-B.yml index e0d8b946a2a8..cd57a4120352 100644 --- a/model/questions/O-IM-1-B.yml +++ b/model/questions/O-IM-1-B.yml @@ -6,7 +6,7 @@ activity: b082664b8815407d825b82cf23fa88ea #This question uses Answer Set H -answerset: 381e1e37a19c488ab045a8a512552141 +answerSet: 381e1e37a19c488ab045a8a512552141 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/O-IM-2-A.yml b/model/questions/O-IM-2-A.yml index 003cfcb25e69..4c42ef7a05be 100644 --- a/model/questions/O-IM-2-A.yml +++ b/model/questions/O-IM-2-A.yml @@ -6,7 +6,7 @@ activity: 5bcb52375a0f4085bb12266c9ecfa84d #This question uses Answer Set A -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/O-IM-2-B.yml b/model/questions/O-IM-2-B.yml index 9ee025498588..fc6e7b1210b7 100644 --- a/model/questions/O-IM-2-B.yml +++ b/model/questions/O-IM-2-B.yml 
@@ -6,7 +6,7 @@ activity: d6dd8813c5074350b5614b92f2dec60d #This question uses Answer Set I -answerset: e5a12ab46e4645a9ab22aa5a1ebe562f +answerSet: e5a12ab46e4645a9ab22aa5a1ebe562f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. @@ -21,7 +21,7 @@ order: 1 #Qualifying Criteria quality: - You have an agreed upon incident classification -- The process considers Root Case Analysis for high severity incidents +- The process considers Root Cause Analysis for high severity incidents - Employees responsible for incident response are trained in this process - Forensic analysis tooling is available #Type Classification of the Document diff --git a/model/questions/O-IM-3-A.yml b/model/questions/O-IM-3-A.yml index b88f8dd5a70f..a62ca2f441bd 100644 --- a/model/questions/O-IM-3-A.yml +++ b/model/questions/O-IM-3-A.yml @@ -6,7 +6,7 @@ activity: 11dd0c95f8914b6cb850a27f0557a9dd #This question uses Answer Set A -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/O-IM-3-B.yml b/model/questions/O-IM-3-B.yml index 7a37233674a9..12f3d313a0f6 100644 --- a/model/questions/O-IM-3-B.yml +++ b/model/questions/O-IM-3-B.yml @@ -6,7 +6,7 @@ activity: f692ee8f87c1499681490cc1647c0df4 #This question uses Answer Set E -answerset: d096060a4d864133afcbdd1397b95827 +answerSet: d096060a4d864133afcbdd1397b95827 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/O-OM-1-A.yml b/model/questions/O-OM-1-A.yml index 0663e9a51d42..742e758c1981 100644 --- a/model/questions/O-OM-1-A.yml +++ b/model/questions/O-OM-1-A.yml 
@@ -6,7 +6,7 @@ activity: c16a12399dc94cc889d7e9e66e0ae2a0 #This question uses Answer Set A -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/O-OM-1-B.yml b/model/questions/O-OM-1-B.yml index 1218cb2da9d8..65fd7d18f8bc 100644 --- a/model/questions/O-OM-1-B.yml +++ b/model/questions/O-OM-1-B.yml @@ -6,7 +6,7 @@ activity: 1a398709b9d3407dbf9db7eeff6e916c #This question uses Answer Set A -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/O-OM-2-A.yml b/model/questions/O-OM-2-A.yml index fb273cc07a20..fe0c04414c74 100644 --- a/model/questions/O-OM-2-A.yml +++ b/model/questions/O-OM-2-A.yml @@ -6,7 +6,7 @@ activity: 82a962e3dcc44b1086760de517aaa3c1 #This question uses Answer Set J -answerset: 6c3e82e127264b92b25b732d85286d72 +answerSet: 6c3e82e127264b92b25b732d85286d72 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/O-OM-2-B.yml b/model/questions/O-OM-2-B.yml index 00ae1568c022..32ac837ac424 100644 --- a/model/questions/O-OM-2-B.yml +++ b/model/questions/O-OM-2-B.yml @@ -6,7 +6,7 @@ activity: 60d7a0a61dd142d5a87009bc5b93df56 #This question uses Answer Set E -answerset: d096060a4d864133afcbdd1397b95827 +answerSet: d096060a4d864133afcbdd1397b95827 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/O-OM-3-A.yml b/model/questions/O-OM-3-A.yml index 03121612c754..ad0bbd2732ab 100644 --- a/model/questions/O-OM-3-A.yml +++ b/model/questions/O-OM-3-A.yml 
@@ -6,7 +6,7 @@ activity: cd80066899014962a37af7ab34c83003 #This question uses Answer Set K -answerset: 14ad9a12e44f4079abc610010292f35e +answerSet: 14ad9a12e44f4079abc610010292f35e #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/O-OM-3-B.yml b/model/questions/O-OM-3-B.yml index baf582119ae8..44b6ecb39e86 100644 --- a/model/questions/O-OM-3-B.yml +++ b/model/questions/O-OM-3-B.yml @@ -6,7 +6,7 @@ activity: 8ab46d242edd413d99a6c1991aef2416 #This question uses Answer Set L -answerset: c1d15e1f5c8946d381f508db29b26473 +answerSet: c1d15e1f5c8946d381f508db29b26473 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/V-AA-1-A.yml b/model/questions/V-AA-1-A.yml index 1ed2a67eef10..06a255dbf65f 100644 --- a/model/questions/V-AA-1-A.yml +++ b/model/questions/V-AA-1-A.yml @@ -6,7 +6,7 @@ activity: 0f611af10f974da497e7f3defe0c4f12 #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/V-AA-1-B.yml b/model/questions/V-AA-1-B.yml index b782de97ebee..b83bfce988c9 100644 --- a/model/questions/V-AA-1-B.yml +++ b/model/questions/V-AA-1-B.yml @@ -6,7 +6,7 @@ activity: 3ae763a70854421984dfa70980e1bf68 #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. 
diff --git a/model/questions/V-AA-2-A.yml b/model/questions/V-AA-2-A.yml index c0769edb7875..935908600507 100644 --- a/model/questions/V-AA-2-A.yml +++ b/model/questions/V-AA-2-A.yml @@ -6,7 +6,7 @@ activity: eba4b86963f44fa59b0b9389a1cfc59b #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/V-AA-2-B.yml b/model/questions/V-AA-2-B.yml index 0b7244ebf52a..c08a135c998d 100644 --- a/model/questions/V-AA-2-B.yml +++ b/model/questions/V-AA-2-B.yml @@ -6,7 +6,7 @@ activity: 62237ae79ab84a6687de2885b1e3d608 #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/V-AA-3-A.yml b/model/questions/V-AA-3-A.yml index c4c8294325a2..81d6d68fb880 100644 --- a/model/questions/V-AA-3-A.yml +++ b/model/questions/V-AA-3-A.yml @@ -6,7 +6,7 @@ activity: 9d0433c5133c4a4c9c16ae84abe9a235 #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/V-AA-3-B.yml b/model/questions/V-AA-3-B.yml index 3e760f778c2e..078c51e9e78c 100644 --- a/model/questions/V-AA-3-B.yml +++ b/model/questions/V-AA-3-B.yml 
@@ -6,7 +6,7 @@ activity: a11da5bb4d3c475d9e9c53b104032e65
 #Link to the answer set that contains the potential answers for this question
-answerset: f77bd45a28c8493dbba6e53b2eafa20f
+answerSet: f77bd45a28c8493dbba6e53b2eafa20f
 #Unique identifier (GUID) used to refer to this maturity level.
 #Please generate another identifier for your specific maturity level.
diff --git a/model/questions/V-RT-1-A.yml b/model/questions/V-RT-1-A.yml
index 6f6b067ccbc7..7c9dce70fddd 100644
--- a/model/questions/V-RT-1-A.yml
+++ b/model/questions/V-RT-1-A.yml
@@ -6,7 +6,7 @@ activity: 99989f86dabc4a7a87fbe6a274c99ca3
 #Link to the answer set that contains the potential answers for this question
-answerset: 8c89e8daf71d425abaca53edc01f6afa
+answerSet: 8c89e8daf71d425abaca53edc01f6afa
 #Unique identifier (GUID) used to refer to this maturity level.
 #Please generate another identifier for your specific maturity level.
diff --git a/model/questions/V-RT-1-B.yml b/model/questions/V-RT-1-B.yml
index a30cb11ff84a..b56c66916be0 100644
--- a/model/questions/V-RT-1-B.yml
+++ b/model/questions/V-RT-1-B.yml
@@ -6,7 +6,7 @@ activity: 81ef5625583646bf8bc3fad53e4eff55
 #Link to the answer set that contains the potential answers for this question
-answerset: f77bd45a28c8493dbba6e53b2eafa20f
+answerSet: f77bd45a28c8493dbba6e53b2eafa20f
 #Unique identifier (GUID) used to refer to this maturity level.
 #Please generate another identifier for your specific maturity level.
diff --git a/model/questions/V-RT-2-A.yml b/model/questions/V-RT-2-A.yml
index 2e683399da35..c194c315c63f 100644
--- a/model/questions/V-RT-2-A.yml
+++ b/model/questions/V-RT-2-A.yml
@@ -6,7 +6,7 @@ activity: 9951bda24b624cc684a2851f9d56c5d8
 #Link to the answer set that contains the potential answers for this question
-answerset: 8c89e8daf71d425abaca53edc01f6afa
+answerSet: 8c89e8daf71d425abaca53edc01f6afa
 #Unique identifier (GUID) used to refer to this maturity level.
 #Please generate another identifier for your specific maturity level.
diff --git a/model/questions/V-RT-2-B.yml b/model/questions/V-RT-2-B.yml
index 9740f1462f57..fb0906ba1807 100644
--- a/model/questions/V-RT-2-B.yml
+++ b/model/questions/V-RT-2-B.yml
@@ -6,7 +6,7 @@ activity: fd4d1ac720374b13a25ab1381045b731
 #Link to the answer set that contains the potential answers for this question
-answerset: d096060a4d864133afcbdd1397b95827
+answerSet: d096060a4d864133afcbdd1397b95827
 #Unique identifier (GUID) used to refer to this maturity level.
 #Please generate another identifier for your specific maturity level.
diff --git a/model/questions/V-RT-3-A.yml b/model/questions/V-RT-3-A.yml
index 75acae42daf6..016a3c2131be 100644
--- a/model/questions/V-RT-3-A.yml
+++ b/model/questions/V-RT-3-A.yml
@@ -6,7 +6,7 @@ activity: 7003146cf1a1450293001754fe74787d
 #Link to the answer set that contains the potential answers for this question
-answerset: f77bd45a28c8493dbba6e53b2eafa20f
+answerSet: f77bd45a28c8493dbba6e53b2eafa20f
 #Unique identifier (GUID) used to refer to this maturity level.
 #Please generate another identifier for your specific maturity level.
diff --git a/model/questions/V-RT-3-B.yml b/model/questions/V-RT-3-B.yml
index af7d18825e52..632dc91af269 100644
--- a/model/questions/V-RT-3-B.yml
+++ b/model/questions/V-RT-3-B.yml
@@ -6,7 +6,7 @@ activity: d975bb1ce1dd4d61a6039b0a4a05926e
 #Link to the answer set that contains the potential answers for this question
-answerset: d096060a4d864133afcbdd1397b95827
+answerSet: d096060a4d864133afcbdd1397b95827
 #Unique identifier (GUID) used to refer to this maturity level.
 #Please generate another identifier for your specific maturity level.
diff --git a/model/questions/V-ST-1-A.yml b/model/questions/V-ST-1-A.yml
index d7b74cce18a3..433b1d10cf36 100644
--- a/model/questions/V-ST-1-A.yml
+++ b/model/questions/V-ST-1-A.yml
@@ -6,7 +6,7 @@ activity: 921ff24f0b9f4df9a5129aa2f8a4a570
 #Link to the answer set that contains the potential answers for this question
-answerset: 8c89e8daf71d425abaca53edc01f6afa
+answerSet: 8c89e8daf71d425abaca53edc01f6afa
 #Unique identifier (GUID) used to refer to this maturity level.
 #Please generate another identifier for your specific maturity level.
diff --git a/model/questions/V-ST-1-B.yml b/model/questions/V-ST-1-B.yml
index 08d3f493a467..63d4d09217de 100644
--- a/model/questions/V-ST-1-B.yml
+++ b/model/questions/V-ST-1-B.yml
@@ -6,7 +6,7 @@ activity: b3b20a75740c4880a21ad9aa0c1298c7
 #Link to the answer set that contains the potential answers for this question
-answerset: 612bf4ec249f4e9d86f9e36dbf511821
+answerSet: 612bf4ec249f4e9d86f9e36dbf511821
 #Unique identifier (GUID) used to refer to this maturity level.
 #Please generate another identifier for your specific maturity level.
diff --git a/model/questions/V-ST-2-A.yml b/model/questions/V-ST-2-A.yml
index e1d308b91d71..51e49087b0c1 100644
--- a/model/questions/V-ST-2-A.yml
+++ b/model/questions/V-ST-2-A.yml
@@ -6,7 +6,7 @@ activity: fb6f258a2e424ee9a919341758222a7a
 #Link to the answer set that contains the potential answers for this question
-answerset: 8c89e8daf71d425abaca53edc01f6afa
+answerSet: 8c89e8daf71d425abaca53edc01f6afa
 #Unique identifier (GUID) used to refer to this maturity level.
 #Please generate another identifier for your specific maturity level.
diff --git a/model/questions/V-ST-2-B.yml b/model/questions/V-ST-2-B.yml
index 56ac8d0eaee6..af29e93f51b0 100644
--- a/model/questions/V-ST-2-B.yml
+++ b/model/questions/V-ST-2-B.yml
@@ -6,7 +6,7 @@ activity: 346ed576f0a94147ba2b8148abc3c73a
 #Link to the answer set that contains the potential answers for this question
-answerset: f77bd45a28c8493dbba6e53b2eafa20f
+answerSet: f77bd45a28c8493dbba6e53b2eafa20f
 #Unique identifier (GUID) used to refer to this maturity level.
 #Please generate another identifier for your specific maturity level.
@@ -24,7 +24,7 @@ quality:
 - Penetration testing looks for both technical and logical issues in the application
 - Stakeholders review the test results and handle them in accordance with the organization's risk management
-- Qualified personnnel performs penetration testing
+- Qualified personnel performs penetration testing
 #Type Classification of the Document
 type: Question
diff --git a/model/questions/V-ST-3-A.yml b/model/questions/V-ST-3-A.yml
index 6d8b0702f8ff..e95aa46f94b8 100644
--- a/model/questions/V-ST-3-A.yml
+++ b/model/questions/V-ST-3-A.yml
@@ -6,7 +6,7 @@ activity: 4f6a06796d0840debcc775ea1af65679
 #Link to the answer set that contains the potential answers for this question
-answerset: f0ccf7b66c0a484aa8374a387438bc98
+answerSet: f0ccf7b66c0a484aa8374a387438bc98
 #Unique identifier (GUID) used to refer to this maturity level.
 #Please generate another identifier for your specific maturity level.
diff --git a/model/questions/V-ST-3-B.yml b/model/questions/V-ST-3-B.yml
index 26b2162fe338..c9aec96d4137 100644
--- a/model/questions/V-ST-3-B.yml
+++ b/model/questions/V-ST-3-B.yml
@@ -6,7 +6,7 @@ activity: a395d69917b947b28d5995738d716283
 #Link to the answer set that contains the potential answers for this question
-answerset: 51466c3df15b45119e3fc68293f16034
+answerSet: 51466c3df15b45119e3fc68293f16034
 #Unique identifier (GUID) used to refer to this maturity level.
 #Please generate another identifier for your specific maturity level.
diff --git a/model/security_practices/D-Security-Architecture.yml b/model/security_practices/D-Secure-Architecture.yml
similarity index 58%
rename from model/security_practices/D-Security-Architecture.yml
rename to model/security_practices/D-Secure-Architecture.yml
index a4a2abb47b61..bdbf61dc7551 100644
--- a/model/security_practices/D-Security-Architecture.yml
+++ b/model/security_practices/D-Secure-Architecture.yml
@@ -10,18 +10,18 @@ function: 88c296acaae841a2b2fc5314bff44cb4
 id: 4753e55e943c4d418303bf90d599c6b1
 #Official name of this practice
-name: Security Architecture
+name: Secure Architecture
 #Abbreviation of this practice
 shortName: SA
 #A one sentence description of the security practice
-shortDescription: The security architecture practice focuses on managing architectural
+shortDescription: The secure architecture practice focuses on managing architectural
 risks for the software solution.
 #A multi-paragraph description of the security practice
 longDescription: |
- The Security Architecture (SA) practice focuses on the security linked to components and technology you deal with during the architectural design of your software. Secure Architecture Design looks at the selection and composition of components that form the foundation of your solution, focusing on its security properties. Technology Management looks at the security of supporting technologies used during development, deployment and operations, such as development stacks and tooling, deployment tooling, and operating systems and tooling.
+ The Secure Architecture (SA) practice focuses on the security linked to components and technology you deal with during the architectural design of your software. Secure Architecture Design looks at the selection and composition of components that form the foundation of your solution, focusing on its security properties. Technology Management looks at the security of supporting technologies used during development, deployment and operations, such as development stacks and tooling, deployment tooling, and operating systems and tooling.
 #The relative order of this practice in the business function
 order: 3
diff --git a/model/security_practices/D-Security-Requirements.yml b/model/security_practices/D-Security-Requirements.yml
index 282eb60d7618..de6a50ce1ce0 100644
--- a/model/security_practices/D-Security-Requirements.yml
+++ b/model/security_practices/D-Security-Requirements.yml
@@ -21,14 +21,7 @@ shortDescription: This practice focuses on defining appropriate security require
 #A multi-paragraph description of the security practice
 longDescription: |
- The Security Requirements (SR) practice focuses on security requirements that are important
- in the context of secure software. A first type deals with typical software-related
- requirements, to specify objectives and expectations to protect the service and
- data at the core of the application. A second type deals with requirements relative to supplier organizations that are part of the development context of the application, in particular for outsourced development. It is important to
- streamline the expectations in terms of secure development because outsourced development
- can have significant impact on the security of the application. The security of
- 3rd party (technical) libraries is part of the software supply chains stream (see
- Secure Build), and it is not included in this practice.
+ The Security Requirements (SR) practice focuses on security requirements that are important in the context of secure software. A first type deals with typical software-related requirements, to specify objectives and expectations to protect the service and data at the core of the application. A second type deals with requirements relative to supplier organizations that are part of the development context of the application, in particular for outsourced development. It is important to streamline the expectations in terms of secure development because outsourced development can have significant impact on the security of the application. The security of 3rd party (technical) libraries is part of the software supply chains stream (see Secure Build), and it is not included in this practice.
 #The relative order of this practice in the business function
 order: 2
diff --git a/model/security_practices/D-Threat Assessment.yml b/model/security_practices/D-Threat-Assessment.yml
similarity index 93%
rename from model/security_practices/D-Threat Assessment.yml
rename to model/security_practices/D-Threat-Assessment.yml
index 2e1d77d783aa..66b9975c2a60 100644
--- a/model/security_practices/D-Threat Assessment.yml
+++ b/model/security_practices/D-Threat-Assessment.yml
@@ -22,7 +22,7 @@ shortDescription: This practice focuses on identifying potential threats in appl
 longDescription: |
 The Threat Assessment (TA) practice focuses on identifying and understanding of project-level risks based on the functionality of the software being developed and characteristics of the runtime environment. From details about threats and likely attacks against each project, the organization as a whole operates more effectively through better decisions about prioritization of initiatives for security. Additionally, decisions for risk acceptance are more informed, therefore better aligned to the business.
- By starting with simple threat models and building application risk profiles, an organization improves over time. Ultimately, a sophisticated organization would maintain this information in a way that is tightly coupled to the compensating factors and pass-through risks from external entities. This provides greater breadth of understanding for potential downstream impacts from security issues while keeping a close watch on the organization’s current performance against known threats.
+ By starting with simple threat models and building application risk profiles, an organization improves over time. Ultimately, a sophisticated organization would maintain this information in a way that is tightly coupled to the compensating factors and pass-through risks from external entities. This provides greater breadth of understanding for potential downstream impacts from security issues, tradeoffs, or flaws, while keeping a close watch on the organization’s current performance against known threats.
 #The relative order of this practice in the business function
 order: 1
diff --git a/model/security_practices/G-Education-Guidance.yml b/model/security_practices/G-Education-Guidance.yml
index 1310dbabbfbd..6d585f5e14ac 100644
--- a/model/security_practices/G-Education-Guidance.yml
+++ b/model/security_practices/G-Education-Guidance.yml
@@ -10,7 +10,7 @@ function: 102ad02df5dc4a8eb3837ef4ca2c1af4
 id: 483a0a1b78264cafbc470ce72d557332
 #Official name of this practice
-name: Education & Guidance
+name: Education and Guidance
 #Abbreviation of this practice
 shortName: EG
@@ -21,7 +21,7 @@ shortDescription: This practice focuses on increasing the knowledge in the organ
 #A multi-paragraph description of the security practice
 longDescription: |
- The Education & Guidance (EG) practice focuses on arming personnel involved in the software lifecycle with knowledge and resources to design, develop, and deploy secure software. With improved access to information, project teams can proactively identify and mitigate the specific security risks that apply to their organization.
+ The Education and Guidance (EG) practice focuses on arming personnel involved in the software lifecycle with knowledge and resources to design, develop, and deploy secure software. With improved access to information, project teams can proactively identify and mitigate the specific security risks that apply to their organization.
 One major theme for improvement across the Objectives is providing training for employees and increasing their security awareness, either through instructor-led sessions or computer-based modules. As an organization progresses, it builds a broad base of training starting with developers and moving to other roles, culminating with the addition of role-based training to ensure applicability and effectiveness.
diff --git a/model/security_practices/G-Policy-Compliance.yml b/model/security_practices/G-Policy-Compliance.yml
index fb161892d21c..ec11631b5c3d 100644
--- a/model/security_practices/G-Policy-Compliance.yml
+++ b/model/security_practices/G-Policy-Compliance.yml
@@ -10,7 +10,7 @@ function: 102ad02df5dc4a8eb3837ef4ca2c1af4
 id: be9e7ddb98b84abe8b9e185b979ccf60
 #Official name of this practice
-name: Policy & Compliance
+name: Policy and Compliance
 #Abbreviation of this practice
 shortName: PC
@@ -21,7 +21,7 @@ shortDescription: This practice drives the adherence to internal and external st
 #A multi-paragraph description of the security practice
 longDescription: |
- The Policy & Compliance (PC) practice focuses on understanding and meeting external legal and regulatory requirements while driving internal security standards to ensure compliance in a way that’s aligned with the business purpose of the organization.
+ The Policy and Compliance (PC) practice focuses on understanding and meeting external legal and regulatory requirements while driving internal security standards to ensure compliance in a way that’s aligned with the business purpose of the organization.
 A driving theme for improvement within this practice is describing organization’s standards and 3rd party obligations as application requirements, enabling efficient and automated audits that may be leveraged within the SDLC and continuously demonstrate that all expectations are met.
diff --git a/model/security_practices/G-Strategy-Metrics.yml b/model/security_practices/G-Strategy-Metrics.yml
index 63be6776b3ee..f79f7653105e 100644
--- a/model/security_practices/G-Strategy-Metrics.yml
+++ b/model/security_practices/G-Strategy-Metrics.yml
@@ -10,7 +10,7 @@ function: 102ad02df5dc4a8eb3837ef4ca2c1af4
 id: 32b3bdd85d3a4d53827960004f9d1c7e
 #Official name of this practice
-name: Strategy & Metrics
+name: Strategy and Metrics
 #Abbreviation of this practice
 shortName: SM
@@ -21,7 +21,7 @@ shortDescription: This practice forms the basis of your secure software activiti
 #A multi-paragraph description of the security practice
 longDescription: |
- Software assurance entails many different activities and concerns. Without an overall plan, you might be spending a lot of effort to build in security, while in fact your efforts may be unaligned, disproportional or even counterproductive. The goal of the Strategy & Metrics (SM) practice is to build an efficient and effective plan for realizing your software security objectives within your organization.
+ Software assurance entails many different activities and concerns. Without an overall plan, you might be spending a lot of effort to build in security, while in fact your efforts may be unaligned, disproportional or even counterproductive. The goal of the Strategy and Metrics (SM) practice is to build an efficient and effective plan for realizing your software security objectives within your organization.
 A software security program, that selects and prioritizes activities of the rest of the model, serves as the foundation for your efforts. The practice works on building the plan, maintaining and disseminating it.
diff --git a/model/security_practices/O-Incident-Management.yml b/model/security_practices/O-Incident-Management.yml
index 248d1d489951..6d6a45eb81a9 100644
--- a/model/security_practices/O-Incident-Management.yml
+++ b/model/security_practices/O-Incident-Management.yml
@@ -16,15 +16,15 @@ name: Incident Management
 shortName: IM
 #A one sentence description of the security practice
-shortDescription: This practice addresses activities carried out improve the organization's detection of, and response to, security incidents.
+shortDescription: This practice addresses activities carried out to improve the organization's detection of, and response to, security incidents.
 #A multi-paragraph description of the security practice
 longDescription: |
- Once your organization has applications in operation, you're likely to face security incidents. In this model, we define a security incident as a breach, or the threat of an imminent breach, of at least one asset's security goals, whether due to malicious or negligent behavior. Examples of security incidents might include: a successful Denial of Service (DoS) attack against a cloud application, an application user accessing private data of another by abusing a security vulnerability, or an attacker modifying application source code. The Incident Management (IM) practice focuses on dealing with these in your organization.
+ Once your organization has applications in operation, you are likely to face security incidents. In this model, we define a security incident as a breach, or the threat of an imminent breach, of at least one asset's security goals, whether due to malicious or negligent behavior. Examples of security incidents might include: a successful Denial of Service (DoS) attack against a cloud application, an application user accessing private data of another by abusing a security vulnerability, or an attacker modifying application source code. The Incident Management (IM) practice focuses on dealing with these in your organization.
 Historically, many security incidents have been detected months, or even years, after the initial breach. During the "dwell time" before an incident is detected, significant damage can occur, increasing the difficulty of recovery.
Our first activity stream, Incident Detection, focuses on decreasing that dwell time.
- Once you have identified that you're suffering from a security incident, it's essential to respond in a disciplined, thorough manner to limit the damage, and return to normal operations as efficiently as possible. This is the focus of our second stream.
+ Once you have identified that you are suffering from a security incident, it's essential to respond in a disciplined, thorough manner to limit the damage, and return to normal operations as efficiently as possible. This is the focus of our second stream.
 #The relative order of this practice in the business function
 order: 1
diff --git a/model/security_practices/V-Architecture Assessment.yml b/model/security_practices/V-Architecture-Assessment.yml
similarity index 72%
rename from model/security_practices/V-Architecture Assessment.yml
rename to model/security_practices/V-Architecture-Assessment.yml
index 7c9b62373011..e3ca68e83ef5 100644
--- a/model/security_practices/V-Architecture Assessment.yml
+++ b/model/security_practices/V-Architecture-Assessment.yml
@@ -20,9 +20,9 @@ shortDescription: This practice focuses on validating the security and complianc
 #A multi-paragraph description of the security practice
 longDescription: |
- The Architecture Assessment (AA) practice ensures that the application and infrastructure architecture adequately meets all relevant security and compliance requirements, and sufficiently mitigates identified security threats. The first stream focuses on verifying that the security and compliance requirements identified in the Policy & Compliance and Security Requirements practices are met, first in an ad-hoc manner, then more systematically for each interface in the system. The second stream reviews the architecture, first for mitigations against typical threats, then against the specific threats identified in the Threat Assessment practice.
+ The Architecture Assessment (AA) practice ensures that the application and infrastructure architecture adequately meets all relevant security and compliance requirements, and sufficiently mitigates identified security threats. The first stream focuses on verifying that the security and compliance requirements identified in the Policy and Compliance, and Security Requirements, practices are met, first in an ad-hoc manner, then more systematically for each interface in the system. The second stream reviews the architecture, first for mitigations against typical threats, then against the specific threats identified in the Threat Assessment practice.
- In its more advanced form, the practice formalizes the security architecture review process, continuously evaluates the effectiveness of the architecture's security controls, their scalability and strategic alignment. Identified weaknesses and possible improvements are fed back to the Security Architecture practice to improve reference architectures.
+ In its more advanced form, the practice formalizes the architecture security review process, continuously evaluates the effectiveness of the architecture's security controls, their scalability and strategic alignment. Identified weaknesses and possible improvements are fed back to the Secure Architecture practice to improve reference architectures.
 #The relative order of this practice in the business function
 order: 1
diff --git a/model/streams/G-PC-A.yml b/model/streams/G-PC-A.yml
index ab3c0c409d28..742e6e3d367d 100644
--- a/model/streams/G-PC-A.yml
+++ b/model/streams/G-PC-A.yml
@@ -9,7 +9,7 @@ practice: be9e7ddb98b84abe8b9e185b979ccf60
 id: c404aa4f711e4f4e9e71faea22f7fb5c
 #Official stream name
-name: Policy & Standards
+name: Policy and Standards
 #Stream letter, A or B
 letter: A